Engineering Autonomous Space Software

Lead Research Organisation: University of Southampton
Department Name: Faculty of Engineering & the Environment


This proposal is based on two premises: that (1) increased autonomy is essential for future space exploration; (2) that existing programming methods are tedious to apply to autonomous components that have to handle an environment with continuous state variables. For well defined discrete-event environments the above rational agent approach is well developed; for a continuous environment, however, perception processes need to be linked with abstractions forming the basis of behaviour. As the environment changes, the abstracted models may also change. Hence, agents are needed that can use these abstractions to aid their decision making processes, use these in the predictive modelling of a continuous world, and connect these abstractions to both planning and goal achievement within rational agents.This project also intends to replace the current complex programming techniques, used for autonomous spacecraft control, with simpler declarative programming. High-level, declarative agent programming languages have been investigated at Liverpool and such theories and languages will be developed further for agents that require predictive modelling capabilities. The Southampton team is experienced both in the formal handling of analytical and empirical models for control and prediction, and in developing control software for real satellites. The merging of these themes is very promising. Although the results will be transferable to ground vehicles and robots, this project will particularly illustrate the new methods in space applications, both in simulation and laboratory hardware demonstrations.
Description Our work has laid down the foundations of how to create "abstraction processes" of BDI agents from a continuous world in terms of precise semantics. "Abstractions" allow concepts to be translated from the quantitative data necessary to actually run the underlying system to the qualitative data needed for reasoning. The generation of such abstractions has itself been made declarative. Our new "hybrid" agent architecture contains "sensing/control systems", consisting of a Physical Engine _, a Continuous Engine _ , an Abstraction Engine _ and a reasoning done by standard ways of a BDI agents using logical inference. The _ was able to test hypothetical consequences of future actions that are abstracted by _ for temporal logic reasoning of the agent about the future. The problem and its solution techniques have been summarised in [3] in a less formal, more accessible format to engineers, to provide wide publicity of our work on a our agent architecture.

Control/space engineers often use hybrid systems to control autonomous systems today. Paper [2] was written to show engineers the significant software complexity reduction they may gain from using our architecture. As evidence, our work [2] presents a case study that is concerned with satellites maintaining geo-stationary orbits. It was shown that the complexity of the code of such a system increases much more slowly in the face of increasing complexity of the scenario, than in a more traditional approach based on finite state machines over controller options. With its ability to reason about the future, as being integral part of agent reasoning, our agent architecture goes way beyond hybrid automaton implementations of autonomous control system.

With respect to continuous re-planner systems such as CLARATY architecture (used by JPL, NASA and a group of US universities) the advantages of our architecture is less obvious as CLARATY has the ability to plan in the future that may be thought of as a substitute for "reasoning about the future by temporal logic". Our work [6] explains the advances that our system makes over CLARATY. Continuous re-planning (at various resolution levels) can be made a natural part of our agent architecture in its BDI reasoning cycle. Our architecture however goes beyond that and blends the merits of CLARATY with features of anthropomorphic operation that can be summarise as:

(1) clear conceptualisation of reasoning into current beliefs, goals and intentions that is easily sharable with operating personnel;

(2) our agent has the inherent, built-in ability to explain its reasons for taking some actions;

(3) reduced code and computational complexity due to agent "knowledge" provided by programmers/operators in terms of skill described in English sentences;

(4) efficient code development of the agent's complex intelligent by large (variable) team of programmers over many years due that natural language programming in sEnglish is made integral part of our agent architecture.

Our findings and results have been published not only for computer scientists but for the control/space engineering and community in [4,6,7,11]. Our research has also received high profile media publicity (the "Space Truck" video by EuroNews supported by ESTEC/ESA still available through the internet) on May 18th 2011, apart from 20+ newspaper and magazine reports listed at, success was also reported on the EPSRC website.

1.2 To augment this agent architecture with the ability to undertake multi-resolution and multi-layered modelling in order to reduce the time it takes for an agent to find a solution using its predictive modelling capabilities

Our agent architecture, as introduced in [1-4],[6] and in terms of software details in [11], has been created with the inherent ability to handle multi-resolution models of the world. As defined in these papers, the abstracted world is modelled by the agent using concepts defined in an ontology as templates for world modelling objects to be used and to be defined by the agent designer. As explained in [3,11], various levels of abstractions can be accommodated in this ontology ranging from very high to low. By methods of BDI logic-based reasoning [1,2], these resolution levels of abstractions can be handled by two mechanisms of the agent:

(1) Hierarchical planners invoked by the BDI agent to plan in the continuous world.

(2) Temporal logic inference with events generated by the continuous engine _ for the belief base.

These multi-resolution model-handling abilities have been illustrated in [1-3], [6],[9],[10-11].

1.3 . To develop a declarative agent programming theory, and a practical language, that can handle real world control environments.

The new agent architecture introduced comes with an associated agent programming environment that we defined/created in this project. Our work in [1-11] has all been based on either on Gwendolen or upgrades of the Jason BDI programming environments. Neither of these had previously been able to naturally integrate features provided by the continuous and physical engines that provides abstractions at several levels of resolution of world modelling. We have integrated the Java based Gwendolen and Jason agent threads (via sockets based fast communications) with parallel executed processed of the continuous and physical engines for sensing/feedback control and "anticipation" of events in the continuous world.

The style of programming in our integrated system is declarative mixed with procedural in the sense that relationships and goals are declarative and pre-programmed physical and problem solving skills are procedurally declared. The declarative feel for programmers is enhanced by that even procedural descriptions "feel declarative" through the use of a sequence of English sentences to define them. The use of sEnglish for anything except low level code of signal processing, control and intricate procedures of planning, makes the operations of an agent readable from an English language "manual of the agent" with contents, chapters, sections, sentence based conceptual descriptions. This manual (that compiles into agent code) can also contains a section for a sentences-based description operational concepts used by the agent to aid multi-resolution modelling. Operators can have shared understanding of the world with the agent if they read its manual which is its code. The manual declares how the agent is thinking and what behaviour rules it adheres to, what goal system it maintains, what skills sets it has and how it prioritises its choice of intentions in deliberation [3,6,11] .

Theoretical background has also been published on the semantics of natural language programming in [5] which is used in our agent programming framework throughout in order to create shared operational knowledge of the agent within a development team initially and with human operators of the agents after commissioning.

1.4 To demonstrate the methodology both in realistic simulations, and in the Southampton Spacecraft Autonomy Testing (SAT) Facility using 3 laboratory model satellites with sensors, actuators and cameras.

The laboratory SAT has been used to implement the new agent architecture on real hardware from about the middle of the project. A set of parallel processes for reasoning (Gendolen+, Jason+) and continuous and physical engine processes (MATLAB, C, C++) have been implemented on board of three model satellites at SAT.

A number of video's have been produced to show the agent capabilities developed such as

We went beyond the original set of objectives by making our new agent system inherently formally verifiable [8] on which topic we currently continue our joint work.

2. Publications

[1] L. A. Dennis, M. Fisher, N. Lincoln, A. Lisitsa, and S. M. Veres. Declarative Abstractions for Agent Based Hybrid Control Systems. In Proc. 8th International Workshop on Declarative Agent Languages and Technologies (DALT), volume 6619, of LNCS, pages 96-111. Springer, 2010.

Abstract: Modern control systems are limited in their ability to react flexibly and autonomously to changing situations by the complexity inherent in analysing environments where many variables are present. We aim to use an agent approach to help alleviate this problem and are particularly interested in the control of satellite systems using BDI agent programming as pioneered by the PRS.

Such systems need to generate discrete abstractions from continuous data and then use these abstractions in rational decision making. This paper provides an architecture and interaction semantics for an abstraction engine to interact with a hybrid BDI-based control system.

[2] L. A. Dennis, M. Fisher, N. Lincoln, A. Lisitsa, and S. M. Veres. Reducing Code Complexity in Hybrid Control Systems. In Proc. 10th International Symposium on Artificial Intelligence, Robotics and Automation in Space (i-Sairas), Sapporo, Japan, 2010.

Abstract: Many industrial control systems are limited in their ability to react flexibly and autonomously to changing situations by the complexity inherent in handling situations where many variables are present. We present an architecture based on a combination of agent programming and hybrid systems for managing high level decisions in such systems. Our preliminary case study concerns satellites maintaining geo-stationary orbits. This case study suggests that the complexity of the code of such a system increases much more slowly in the face of increasing complexity of the scenario, than in a more traditional approach based on finite state machines over controller options.

[3] L. A. Dennis, M. Fisher, A. Lisitsa, N. Lincoln, and S. M. Veres. Satellite Control Using Rational Agent Programming. IEEE Intelligent Systems, 25(3):92-97, May/June 2010.

Abstract: Our aim is to produce a hybrid system embedding existing technology for generating feedback controllers and configuring satellite systems within a decision-making part based on a high-level agent programming language. Such languages assume an underlying imperative programming layer in which an agent's actions are executed. Hybrid control systems appear to be a natural fit for this programming style in which a decision-making layer is combined with a lower-level, dynamic execution layer. Decision making tends to rely on discrete information (such as "a thruster is broken"), while system control tends to rely on continuous information (such as "thruster fuel pressure is 65.3"). Thus, it is vital to be able to abstract from the dynamic system properties and provide discrete abstractions for use by the agent program (see Figure 4). For this reason, our architecture has an explicit between the two information styles as data flows around the system. The abstraction engine generates a stream of incoming sensor and action abstractions, using the sEnglish ontology based natural language programming system.

[4] N. Lincoln, S. M. Veres, L. A. Dennis, M. Fisher, and A. Lisitsa. An Agent Based Framework for Adaptive Control and Decision Making of Autonomous Vehicles. In Proc. IFAC Workshop on Adaptation and Learning in Control and Signal Processing (ALCOSP), 2010.

Abstract: The paper addresses the problem of defining a theoretical physical agent framework that combines rational agent decision making with abstractions from predictions and planning of the future of the physical environment. The objective of the new framework is to reduce complexity of logical inference of agents controlling autonomous vehicles and robots in space exploration, deep underwater exploration, defence reconnaissance, automated manufacturing and household automation. An essential feature of the framework is automated realtime evaluations of abstractions on the effects of future actions. Comparison is made with hybrid automaton based solutions in terms of computational complexity.

[5] S. M. Veres. Theoretical foundations of natural language programming and publishing for intelligent agents and robots. In 11th Conference Towards Autonomous Robotic Systems (TAROS 2010), 2010.

Abstract: This paper is an application of ontology theory, conceptual graphs and programming language theories to develop the theoretical foundations of natural language programming (NLP) that has in recent years been used to produce natural language documents for intelligent agents and human readers. The analysis given reveals three benefits of NLP. First, it is "conceptualized" programming that enables developers to write less bug prone programs due to clarity of code presentation and enforced structuring of data. Secondly, NLP can aid programming of the all important abstractions for robots: event, action and world model abstractions can be created by sentences. Thirdly, NLP can be used to publish natural language documents by researchers, i.e. English language documents on control theory and procedures, on the Internet or in printed documents. This theoretical paper also defines a large class of intelligent agents that can read such documents. This enables human users and agents to have shared understanding of how application systems work.

[6] N. K. Lincoln, S. M. Veres, L. A. Dennis, M. Fisher, A. Lisitsa. Autonomous Asteroid Exploration - Agent Based Control for Autonomous Spacecraft in Complex Environments. Subject to minor revisions for the IEEE Robotics and Automation Magazine.

Abstract: The agent programming system presented develops the antropomorphic belief-desire-intention agent programming approach further by enabling efficient hierarchical planning and execution capabilities. It simplifies agent operations relative to multi-layer agents by blending reactive and foresight based behaviours through logic based reasoning. Agent operations such as sensing, abstraction, task executions, behaviour rules and reasoning become transparent for a team of programmers through the use of natural language programming. Through the use of English language descriptions of agent reasoning, which compile into agent code, the operators of agents can have a shared knowledge of meanings and procedures with the agents. In this system it is also straightforward to program the agent to make it able to explain its selected actions to its operators.

[7] N. K. Lincoln, S. M. Veres, L. A. Dennis, M. Fisher, A. Lisitsa Agent Based Approaches to Engineering Autonomous Space Software. ESA Workshop on Avionics Data, Control and Software Systems (ADCSS) ESA/ESTEC, Noordwijk, The Netherlands, 23-25 October 2012.

Abstract: Current approaches to the engineering of space software such as satellite control systems are based around the development of feedback controllers using packages such as MatLab's Simulink toolbox. These provide powerful tools for engineering real time systems that adapt to changes in the environment but are limited when the controller itself needs to be adapted. We are investigating ways in which ideas from temporal logics and agent programming can be integrated with the use of such control systems to provide a more powerful layer of autonomous decision making. This paper will discuss our initial approaches to the engineering of such systems.

[8] L. A. Dennis, M. Fisher, A. Lisitsa, N. Lincoln, and S. M. Veres. Verifying Practical Autonomous Systems. Draft prepared for a formal methods journal.
Exploitation Route Space companies,
Manufacturers of autonomous vehicles and appliances
Thales UK
Sectors Aerospace, Defence and Marine,Digital/Communication/Information Technologies (including Software)

Description Academic impact: The results of this project have been published in 24 academic paper. Impact on public awareness: The research impacted on ESAs development programme on autonomy, highlighted in a EuroNews 5min interview in May 2011 broadcasted in 15 languages and paid for by ESA. Industrial impact: Further impact was the development of a unique rational agents based design system for autonomous intelligent agents using natural language programming and modified (upgraded) version of the Jason agent programming language by SysBrain Ltd. These software development methods are now used outside the space industry in autonomous surface boats (Thales UK), autonomous root arms for nuclear decommissioning (Sellafield Ltd) and SMEs developing and selling drones for inspection in construction, agriculture and search and rescue. The project fundamentally influenced SysBrain Ltd's software development strategy.
First Year Of Impact 2012
Sector Aerospace, Defence and Marine,Agriculture, Food and Drink,Construction,Digital/Communication/Information Technologies (including Software),Environment,Transport
Impact Types Cultural,Societal,Economic

Description EPSRC: Robotics Capital Funding
Amount £1,000,000 (GBP)
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 03/2014 
End 04/2017
Description Floow Ltd: driver experience based learning 
Organisation Floow Ltd
Country United Kingdom 
Sector Private 
PI Contribution Providing academic lead in discussion with the company and encouraging them to lead an Innovate UK project proposal where ACSE Sheffield would be the main partner.
Collaborator Contribution Guidance on what useful academic/ industrial research could be done to advance progress towards safe an effective autonomous vehicles appearing on our roads.
Impact Helped formulate Innovate UK proposal, as partners, which was awarded and its project is due to start shortly.
Start Year 2015
Description Sellafield: Autonomous Robot Arms Development 
Organisation Sellafield Ltd
Country United Kingdom 
Sector Private 
PI Contribution We are currently demonstrating at Sheffield Robotics a system, which is being implemented at a specially setup KUKA robot arm, to be transferred to Workington for Sellafield Ltd, where we have an industrial setup of robot arms for us. (We have already demonstrated sort-and-segregate capabilities which is an impact of our Reconfigurable Autonomy EPSRC project. )
Collaborator Contribution Dedicated KUKA robot arm and work area for us set up by Sellafield Ltd at their Workington Inactive Laboratory site.
Impact Continuation funding is currently sought from Sellafield Ltd and EPSRC acceleration funds to ensure utilisation of our results by Sellafield Ltd.
Start Year 2014
Description SysBrain Ltd : converting theoretical ideas into software 
Organisation SysBrain Ltd
Country United Kingdom 
Sector Private 
PI Contribution Provides theoretical foundations for the reasoning of the agent architectures developed by the company.
Collaborator Contribution Provided free licence to the use of sEnglish Publisher, which is a natural language programming environment of Simulink/ROS based robots.
Impact Autonomous Surface Vehicles programming for Thales UK, Unmanned Aerial Systems self-tuning mid flight, programming of Sheffield Robotics drones (quad, hexa- and octo-copters) have been helped by the use of sEnglish Publisher in the work PDRAs and PhD students
Start Year 2008
Description TATA Motors: reliable autonomous vehicles 
Organisation TATA Steel
Department Tata Motors European Research Centre
Country United Kingdom 
Sector Private 
PI Contribution PhD studentship supervised to work on verification methodologies directly relevant to safe operation of autonomous vehicles to be designed by Tata Motors European Research Centre.
Collaborator Contribution Loan of steer by wire vehicle for development of reliable sensing and control at low speed urban operations of an autonomous vehicle.
Impact 2 PhD studentships, media publicity and Innovate UK award to ACSE Sheffield as part of an industry lead project by Floow Ltd.
Start Year 2014
Description Thales UK: autonomous surface vehicles development 
Organisation Thales Group
Department Thales Research & Technology (Uk) Ltd
Country United Kingdom 
Sector Private 
PI Contribution Developing mission management systems for autonomous surface vehicles using intelligent agent technologies derived from our EPSRC projects on Engineering Autonomous Spacecraft Software and Verifiable Autonomy.
Collaborator Contribution Described their problem, systems and approach they are taking to ASV autonomy.
Impact PhD studentship supported by Thales UK: it produces simulation based demonstration of ASV autonomy at sea.
Start Year 2015
Company Name SysBrain Ltd 
Description The company's strategy, on software development environments for autonomous robots, has been fundamentally influenced by a series of EPSRC research grants, starting from the natural language programming through to latest ROS based design systems of the company where robot decision making is verifiable by design. 
Impact The company's software, sEnglish Publisher, has been given with free licence to PDRAs and research students on all EPSRC research projects of the grant holder. This lead to application developments for autonomous surface vehicles with Thales UK, autonomous van with Tata Motors and to research carried out on autonomous drones at the university using the company's software. There was also an EU proposal with the participation of university partners: University of Surrey and University Liverpool where SysBrain Ltd was a key partner.