Integrated Design and Analysis Tools for Software-Based Control Systems

1. Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley

2. Research Thrusts 1. Model building and checking for hybrid systems 2. Embedded code generation from hybrid models 3. Multi-modal, hierarchical, and multi-vehicle control 4. Probabilistic hybrid systems and fault tolerance 5. Experimental rotorcraft platforms

3. Focus of Presentation/Demos 1. From Hybrid Systems Models to Embedded Code 1a. Simulink to Giotto to E code 1b. Ptolemy to Embedded Java 2. Multi-vehicle Cooperative Control

4. Requirements Verification Model Implementation Platform

5. Requirements Verification automatic (model checking) Model Implementation automatic (compilation) Platform

6. Requirements Verification Model Implementation property preserving Platform

7. Requirements Verification Component Component Implementation Platform

8. Requirements Verification no change Composition Component Component Implementation no change Platform

9. A new paradigm to achieve Verifiability and Compositionality: The FLET (Fixed Logical Execution Time) Assumption Software Task write actuator output at time t+d, for fixed d read sensor input at time t

10. A new paradigm to achieve Verifiability and Compositionality: The FLET (Fixed Logical Execution Time) Assumption Software Task d>0 is the task's "logical execution time" write actuator output at time t+d, for fixed d read sensor input at time t

11. High-Confidence, Compositional Embedded Programming The control engineer specifies sampling rate d and permissible jitter j to solve the control problem at hand. The compiler ensures that d and j are met on a given platform (hardware resources and performance). If the compiler succeeds, then the code is time safe; otherwise the program is rejected. No "priority tweaking"!

12. A new paradigm to achieve Verifiability and Compositionality: The FLET (Fixed Logical Execution Time) Assumption time t time t+d possible physical execution on CPU buffer output

13. Contrast the FLET to Standard Practice output as soon as ready

14. Advantages of the FLET -predictable timing and data behavior (no race conditions, minimal jitter) -portable, composable code (as long as the platform offers sufficient performance)

15. Implementationsof the FLET The E(mbedded) Machine: a virtual machine that executes tasks in real time under the FLET assumption. E (machine) code can be checked for time safetry. Giotto: a structured, high-level language for control applications which is compiled into E code. UC Berkeley (Henzinger, Horowitz, Kirsch, Majumdar, Matic, Sanvido).

16. A Giotto-Based Flight Control System UC Berkeley (Horowitz, Liebman, Ma, Koo, Sangiovanni-Vincentelli, Sastry).

17. A Giotto-Based Flight Control System 200 Hz 400 Hz 1 kHz 200 Hz

18. A Giotto-Based Flight Control System 1. Concurrent periodic tasks: -sensing -control law computation -actuating 2. Multiple modes of operation: -navigational modes (autopilot, manual, etc.) -maneuver modes (taxi, takeoff, cruise, etc.) -degraded modes (sensor, actuator, CPU failures)

19. A Giotto-Based Flight Control System Mode 1 Mode 2 Condition 1.2 Task S 400 Hz Task S 400 Hz Task C 200 Hz Task C 200 Hz Task A’ 1 kHz Task A 1 kHz Condition 2.1 Task A” 1 kHz Mode 3 Mode 4 Task S 400 Hz Task C’ 100 Hz Task C 200 Hz Task A 1 kHz Task A 2 kHz

20. A Giotto-Based Flight Control System Functionality. Timing and interaction. Host code e.g. C Glue code Giotto -No time. -Sequential. -Reactivity. -Concurrency.

21. The Giotto Tool Chain (UC Berkeley, U Salzburg) S/G Simulator Simulink Model S/G Translator RTW Embedded Coder Giotto Program for task timing and interaction C Functions for tasks Giotto Compiler C Compiler E Code Platform Code performance information invokes E Machine guaranteed conformance Platform (minimal OS + hardware)

22. Demo Tomorrow: The Giotto Development Kit • The Giotto Development Kit • Giotto Compiler • Integrated Editor • E-code Viewer • E-code Simulator • Current work: • -E-code analysis for time safety • -E-code optimization • UC Berkeley (Kirsch, Sanvido).

23. Demo Tomorrow: Giotto-Based Embedded Control Examples A controller for the Caltech vehicles: An elevator controller:

24. Embedded Java Generation from Ptolemy Models Steve Neuendorffer Edward Lee Case Study: Caltech Vehicles

25. Caltech Vehicles Wireless 802.11b Network Datagram with vehicle locations Controller RS-232 commands to fans

26. A Hierarchical Heterogenous Model Measured physical parameters Discrete-event model convenient for events that do not occur at the same time

27. A Hierarchical Heterogenous Model Continuous-time model good for physical hardware dynamics Fan thrust map Data formatting

28. A Hierarchical Heterogenous Model Synchronous dataflow model convenient for signal processing and discrete-time aspects

29. Stepwise Refinement of Simulation towards Implementation 802.11b RS-232

30. Hardware-in-the-Loop Replace hardware-true simulation model with actual vehicle. Allows validation of hardware model aspects. 802.11b RS-232

31. Code Generation Replace controller simulation with embedded controller. Embedded Java Platform 802.11b RS-232

32. Directions • Giotto code generation from Ptolemy • Verify Giotto programs against hybrid automaton models • Implement Softwalls algorithm on Caltech vehicles • Dynamics similar to 2D aircraft dynamics, but safe for experimentation