Child nodes:
The robot is performing tasks with radiological hazards which are below the onsite and offsite BSL (ONR TAG 094).
The robot collision avoidance system is composed of:
Therefore, the (autonomous) control system and its attendant sensors and actuators (items 1 to 4) are part of a SIS of which the collision avoidance is a SIF.
However, due to the inability to justify the safety of the Image Classifier (1), the (Complex) Collision Sensor (2) is used as an additional diverse proximity sensor.
The limit on the complexity of item 3, which is encoded in Gwendolen, is the length of time needed to verify it: with >100,000 states, the verification could take longer than 24 h. To estimate the number of states used, sum the number of incoming predicates (events) that need to be handled with the number of actions appearing in plans, and take that sum to the power of 2. E.g. if the number of events plus the number of actions is more than 16, the verification time is likely to be >24 h, unless you start structuring the verification environment. The corollary to this limit on complexity is that Gwendolen AI is constrained to deployments with a small number of less complex decisions, e.g. where it is limited to high-level decision-making tasks (the case for this robot, where the image classifier (1) is making complex decisions).
The logic in item 3 is designed such that the information from items 1 and 2 is used to make a single decision regarding the potential for a collision (1oo2 voting system). In this way the intelligent control system has the option to steer away from the obstacle (by keeping one propeller rotating and reversing the other).
This is described further in "The architecture and algorithms have been designed such that the hazard is mitigated".
NB.