CONSTRAINT-BASED LAYERED PLANNING AND DISTRIBUTED CONTROL FOR AN AUTONOMOUS SPACECRAFT FORMATION FLYING

Jean-Clair Poncet (1), Christophe Guettier (2), Gérard Le Lann (3), Eric Bornschlegl (4)

(1) Axlog Ingénierie, 19-21, rue du 8 mai 1945, F-94110 Arcueil, jean-clair.poncet@axlog.fr
(2) Xerox Palo Alto Research Center, 3333 Coyote Hill Road, Palo Alto, CA 94304, guettier@parc.xerox.com
(3) INRIA, B.P. 105, 78153 Le Chesnay Cedex, France, gerard.le_lann@inria.fr
(4) ESA/ESTEC, Keplerlaan 1, P.O Box 299, NL-2202 AG Noordwijk, eric.bornschlegl@esa.int

INTRODUCTION

For autonomous space systems, particularly satellite-borne systems, the minimization of human intervention in the system loop exacerbates the classical requirements of safety, survivability and availability. Furthermore, such systems call for tighter “close loop interleaving” between embedded operation, planning and decision with finer grain real time control and command. For a set of autonomous spacecraft flying in formation (FF), group management introduces some additional complexity, especially regarding global command and control.

Defining spacecraft formation in terms of a Multi-Agent System (MAS) enables the integration of automatic reasoning functions into a distributed model of architecture. Locally, an agent can sense, reason, actuate and operate using its knowledge from different levels of automation retroactively. Globally, with intelligent coordination protocols, a multi-agent system can elaborate collaborative behaviors to achieve a common goal. However, to be integrated in future spacecraft systems, reasoning algorithms and coordination protocols must be well suited and powerful enough to solve real-size decision, operation and control problems as well as meet timeliness and liveness properties despite the distributed nature of the underlying system, and despite occurrence of failures.

The approach we have adopted separates the applicative semantics from the system semantics.
On the one hand, by following a Proof-Based System Engineering method, one can design a computer-based system which provably meets its specification, i.e. which behaves as expected. On the other hand, planning functions based on Constraint Programming (CP) [9][10] are strengthening Multi-Agent Systems for dedicated domains, such as space and aeronautics. In fact, the approach allows powerful specifications and an efficient solving of collaborative and coordination problems [7][8]. Furthermore, when specifying and solving planning problems using CP, one can prove a correct usage of applicative devices and on-board resources along spacecraft operations. Despite being co-designed, application and system components can be easily combined and integrated so as to build a space system.

ARCHITECTURES AND DESIGNS FOR AUTONOMOUS FORMATIONS

In order to meet the requirements proper to autonomous space systems, designs must be proven correct for behaviors that are remarkably adaptive and responsive to partially unknown environments. By mapping a multi-agent architecture onto a spacecraft formation, it is possible to combine the state of the art in real-time fault-tolerant distributed systems with automatic reasoning.

Regarding the problems of how to architect and design computer-based systems that meet requirements deriving from autonomy, proof-based system engineering (SE) is seen as a critical discipline. Proof-based SE [5] rests on such mature theories as, e.g., the real-time scheduling theory and the distributed algorithms theory. Results established in these fields are essential in addressing successfully the challenges involved with establishing designs which are provably correct, despite postulating the absence of global knowledge, as well as failure occurrence. Proofs of such properties as safety, liveness, timeliness and dependability rest on mathematical analyses that are well mastered.
A significant number of problems in the area of real-time distributed fault-tolerant computing are closed. It turns out that: