The HAL 9000 Space Operating System

The operations paradigm of moving ground operator functions to on-board autonomous functions utilizing the Timeliner system has been proven on the International Space Station (ISS). In April of 2005, the first Higher Active Logic (HAL 1) automated command software was deployed on-board the ISS command and control (C&C) system. This initial version of a Timeliner software prototype provided limited automation capabilities, such as event-driven, autonomous command script installation and removal as well as autonomous startup and shutdown control of Health and Status (H&S) data for payloads. In September of 2005, the HAL 2 System added to the Execution Component, a shared memory allocation, mapped specifically for HAL System use. This version also became fully autonomous for all payload H&S control and would recover configuration and communications from a Payload Multiplexor/De-Multiplexor (MDM) failure. Finally, HAL 2 provided English text messages to ground operators, essentially allowing the ability to follow an automated sequence execution. With the future in mind, the designers provided for the operational interfaces needed for configuring and interacting with the autonomous execution. Once these interfaces were established, the door was open for “automated control of the automation,” which would involve the ability to control the automation to effect a real-time (RT) re-plan. HAL 3 was deployed in June of 2006 and supported fully automated payload commanding. The HAL System has not sent a command in error to date. This design paper builds on the C&C capabilities demonstrated with the current HAL 3 architecture[1] and provides a safe and proven design/development methodology for human operation of automated vehicles. The HAL 9000 System introduces an integrated series of intelligent RT Executive/re-plan software engines that control Subsystem auto-operators (Timeliner-TLX Engines) that together become the intelligent operator, n- - ow located on-board the spacecraft. The HAL 9000 design integrates safety and mission assurance into all aspects of C&C, from development and planning to RT execution. This paper will detail the software design and hardware architecture of the four components of the HAL 9000 System. It will also describe the vehicle and software development integration methodology that must be employed to implement the HAL 9000 System. An analysis of the development costs and schedule impacts of such a methodology will be provided and conclude with the operations scenarios to describe the internal interfaces and algorithms of the system as it operates as well as the required human interfaces and controls.