Skip to main content

Human Factors in Automated and Robotic Space Systems Proceedings of a Symposium (1987) / Chapter Skim
Currently Skimming:

Robustness and Transparency in Intelligent Systems
Pages 211-233

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 211...
... We claim that they are crucial to the space station undertaking (and indeed to any situation with similar levels of complexity and similar consequences of failure)
Read the entire page →
From page 212...
... Space is a sufficiently novel environment that we have no comprehensive catalog of standard fault models that can be checked ahead of time. Unanticipated Events: Example an interesting sequence During S ~ -2, the second space shuttle mission, ~ ~ _ , of events lead at one point to the recognition that a fuel cell was failing and later to the realization that in its degraded state it could conceivably explode.
Read the entire page →
From page 213...
... A meter at the outlet Uniters water pH, Choking for contamination (e.g., patassi~ hydride freak` the fuel cells, since the water is ~nterxied for consumption. In very math abbreviated form, the sequence of events leading to early mission termirmtion of S=-2 preceded as follows (Ei~hoefer, 1985)
Read the entire page →
From page 214...
... Degraded performance suggests possible flooding; AH high also suggests flooding; Ungirt will rove water. purging EC1 reject~ -- purged KOH might solidify, blocking purge line that is con to all 3 cells.
Read the entire page →
From page 215...
... Post-m~ssion analysis of the fuel cell and water separator revered that the FlI meter had been working correctly ark that a small particle blo ~ the nozzle in the water separator of cell 1, preventing water removal to the storage area. The water backed up first in the separator and later in the cell, flooding the cell (hence the high pH)
Read the entire page →
From page 216...
... Finally, it offers a simple way summarizing arch of what this paper is abaft: while all of the reasoning above was done by people using then' ~ dels of the device; in question, we suggest giving computers exactly the same sort of knowledge and reasoning abilities. They could, as a result, perform as far more effective assistants.
Read the entire page →
From page 217...
... Other rationales already exist for transparency, including giving users an understanding of the system's reasoning so they know when to rely on the conclusions, and the importance of keeping the system accessible to human comprehension and possible intervention. Dealing with unanticipated events abbe additional motivation, most visible in the question of system Override: to determine whether a system's response is based on inappropriate a.caumptions (e.g., an inappropriate model)
Read the entire page →
From page 218...
... So many alarms ware triggered during the Three Mite Island accident, for instance, that not only was it effectively impossible to interpret them, even detection became problematic as multiple alarms masked one another. Somewhat more immediately relevant, during shuttle mission STS-9 an alarm was triggered more than 250,000 over 3 days, due to an unanticipated thermal sensitivity in a Spacelab remote acquisition unit, along with an oversight in user software.
Read the entire page →
From page 219...
... Where we can anticipate and analyze of course we should, and where we can construct effective fault tolerant systems we should. But as system complexity grows and the number and seriousness of unanticipated events increases, we need the
Read the entire page →
From page 220...
... with advancing our understanding of model creation, selection, and use, and demonstrating that understanding bar creating progrmns capable of doing such things.
Read the entire page →
From page 221...
... Other approaches we discuss that share the same basic mind set include understanding (and hence capturing in programs) "common sense" physical reasoning, and exploring the origins of robust problem solving in people, whose grateful degradation in performance is so markedly different from the behavior of auto mated systems.
Read the entire page →
From page 222...
... Work in AI an] cognitive science has facilitated unders ~ and capturing other types of models as well, including mental models , the vastly simplified, occasionally inaccurate but effective representations of mechanism and cavity ffbat people use in dealing with the world.
Read the entire page →
From page 223...
... A particularly relevant e ~ le arose in the Solar Max repair during Mission 41-C. The initial attempt to attach to the satellite failed because additional, undocumented hardware had been added to the satellite near the attachment point, preventing the mating of the satellite an]
Read the entire page →
From page 224...
... We then ask how those models can be created and indeed how we can design the device fern the outset in such a way that the model creation process is made simpler. Model Selection and Creation Selecting and creating models is perhaps the most fundamental issue in solving eng m Bering problems and an important determinant of the robustness of the solution.
Read the entire page →
From page 225...
... Much more likely we will find a tangled graph of models; part of the tack is to sort out the different kinds of interconnections likely to be encountered. A second possible route to understanding the nature of models arises from the simple observation that models ignore details.
Read the entire page →
From page 226...
... At the simplest level the issue is volume: there is an enormous amount of information to be captured. Existing design capture systems don't deal well with the problem because they don't make the information collection process easy enough, nor do they offer sufficient payoff once the information is entered to provide a motivation for doing it.
Read the entire page →
From page 227...
... Even their basic functions -- schematic capture and edit, design rule checking, simulati~n -- pravide sufficient payback to make them worth the trouble. Existing tools also illustrate important limitations: they capture the final result, but not the rationales, not the design process.
Read the entire page →
From page 228...
... Where well known concepts like ensuring that signals are observable and controllable are likely to carry over easily, part of the research task here lies in extending techniques developed for simple digit al circuits to deal with much larger subsystems Design for Diagnosability Designs for diagn~c~hility is a less well understood task. Where testing involves methodically trying out all of the designed behaviors of the device, diagnosis is a process of reasoning from the observed symptoms of m~1 function to identify the possibly faulty components.
Read the entire page →
From page 229...
... Finally, simplicity may also produce robustness by assisting in determining when a model is inappropriate. We argued above that the override decision is part of the model selection process and could be facilitated by making explicit the simplifying assumptions underlying each mcdel.
Read the entire page →
From page 230...
... Part of the answer may lay ~ the ~ er of and variety of models they can use, along with their body of common sense knowledge. Multiple Models mus far our approach has focused on creating robustness by reasoning from detailed models.
Read the entire page →
From page 231...
... Given the serious consequences of working from incomplete information, a second major thrust should be devoted toward model and design capture. Existing systems for VISI design are effective enough to make them essential tools, and hence effective in same aspects of design capture.
Read the entire page →
From page 232...
... Finally, it appears that additional leverage on the problem is available from examining human performance to determine the source of robustness in cur own problem solving behavior, and fern compiling the large body of ~ on sense knowledge that seems to be a source of graceful degradation in human problem solving. ACKNCWIEIGUENTS ~ ~ ort for the preparation of this report came in part from a research grant from Digital Equipment Corporation, from the Defense Advanced Research Projects Agency of the Department of Defense, under office of Naval Research contract N00014-84-K-0124, and f~v~ a research grant from the Wang Corporation.
Read the entire page →
From page 233...
... Patil, Szolovits, and Schwartz, Cat underspin of patient illness In medical diagnosis, Proc Seventh IntI JO Conf on AI, Pp. 893-899, explores the combined Bale of three different kinds of models In diagnostic reason m g.
Read the entire page →

Key Terms

  • common sense
  • design capture
  • fuel cell
  • model selection
  • space station

  • water separator
  • model creation
  • sense knowledge
  • current situation
  • solar max

  • simplifying assumptions
  • software engineering
  • observed symptoms
  • information processing
  • appropriate models

  • fuel cells
  • medical diagnosis
  • potassium hydroxide
  • powerful approach
  • override decision

  • surface tension
  • final result
  • difficulty arises
  • design process
  • research grant

  • human experts
  • mental models
  • visi design
  • reasoning abilities
  • water separation


    • This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
    More information on Chapter Skim is available.