eSimplex Architecture Using MaCS

Presentation Transcript


  1. eSimplex Architecture Using MaCS Insup Lee Oleg Sokolsky Moonjoo Kim Anirban Majumdar Sampath Kannan Mahesh Viswanathan Insik Shin and many others…

  2. Run-time Formal Analysis
  • Run-time formal analysis ensures that an execution of a system complies with its formal requirement while it runs.
  • The analysis validates properties on the current execution of the application.
  • The analysis can
    • detect incorrect execution of applications
    • predict errors and steer the computation
    • collect statistics of the actual execution

  3. MaCS Methodology
  [Diagram: at design time the Requirement Spec and the System Spec are related by formal verification; at run time the System Implementation is instrumented with a Filter that sends monitoring data over a communication channel to the Event Recognizer and Checker, which perform the run-time check against the requirement.]

  4. MaCS Asynchronous Control Cycle
  • Identify safe spots in the implementation to apply steering
  • Detect violations as they occur and initiate steering
  • Execute steering actions when it is safe
  [Diagram: the monitor observes the system and the checker detects the violation; the checker invokes a steering action, which the system executes when it next reaches a safe spot.]

  5. MaCS Synchronous Control Cycle
  • In critical situations, the asynchronous cycle may not be sufficient
  • Check for violations before critical updates
  • Pause the system until the checker confirms
  • Steer if a violation occurs
  [Diagram: the system alternates compute and update phases; before each update the monitor reports to the checker and the update proceeds only once the checker confirms, or, if the checker detects a violation, after the invoked steering action has been executed.]

  6. MaCS languages
  • Run-time state: control locations, object state, local variables
  • Abstract state: events, conditions, auxiliary variables
  [Diagram: PEDL maps the run-time state of the program to the abstract state, MEDL states the requirements over the abstract state, and SADL maps steering actions back onto the run-time state.]

  7. Property checking
  • A MEDL specification can be seen as an automaton with an auxiliary store (the auxiliary variables), running on the stream of events provided by the event recognizer

  8. Data extraction and event detection
  • PEDL script
    • describes monitored objects in the program, statically identifying them in the code
    • defines events in terms of monitored objects
  • Technical challenge:
    • all updates to the monitored objects must be detected

  9. Steering (asynchronous)
  • SADL script
    • defines steering actions
    • identifies locations in the code where the actions can be executed
  [Diagram: during checker execution, invocation flag i is set when steering condition i is satisfied (0 ≤ i ≤ n); when the program reaches a steering location, each action body i whose flag is set is called.]

  10. Instrumentation
  [Diagram of the MaCS toolset: the Monitoring Script (PEDL), Requirements (MEDL) and Steering Script (SADL) are translated by the PEDL, MEDL and SADL compilers into compiled PEDL, compiled MEDL and instrumentation information; the Filter Generator (JTREK) uses the instrumentation information to instrument the Program (Java byte code) together with an Injector class (Java byte code), producing the Instrumented Code; compiled PEDL drives the Event Recognizer and compiled MEDL drives the Checker.]

  11. Simplex architecture
  • The Simplex (Simple and Complex) architecture allows the insertion of control software on the fly while maintaining system reliability.
  • It is not possible to test new control software completely.
  • Developed by Lui Sha et al. (University of Illinois)

  12. Overview of Simplex Architecture
  [Diagram: the Safety Decision Module selects among the Baseline controller (BC, command ub), the Experimental controller (EX, command ue) and the Safety controller (SC, command us); the selected command u drives the Physical System, whose state x is fed back to all controllers and to the decision module; x0 is the equilibrium state.]

  13. Inverted Pendulum
  [Figure: cart of mass M at track position x, pendulum of mass m, length l and angle q, control force uf applied to the cart, gravity g.]
  • Hard constraints:
  • State vector:
  • The control problem is solved using LMI and LQR and the linearized dynamics of the system.
  • Soft constraints:
    • A performance index, e.g.,
      • Relative stability in the time domain or frequency domain
      • Bandwidth
  • The stability region is given by

  14. IP eSimplex implementation
  [Diagram: the Decision Module reads angle and track from the Device Drivers, runs the switching logic between the Experimental Controller and the Safety Controller, and sends the selected controller's volts back through the Device Drivers.]

  15. eSimplex in MaCS
  • Goal:
    • Provide a prototyping framework for control engineers
    • Separate control design from software engineering
  • Approach:
    • A system is an extensible collection of controllers
    • Monitor switching conditions
    • Implement controller switches using steering

  16. eSimplex in MaCS
  [Diagram: as on slide 14, with the Decision Module reaching the Device Drivers through JNI; MaCS monitors the Decision Module's angle, track and volts and steers its switching logic between the Experimental Controller and the Safety Controller.]

  17. Java implementation of eSimplex
  • Controller interface:

      public interface Controller {
          public float sendCommand(double angle, double track, double period);
      }

  • Decision module:

      public class DecisionModule {
          // EC1 is one ExternalController implementation (not shown on the slides)
          static SafetyController SC = new SafetyController();
          static ExternalController EC = new EC1();
          static Controller ctr;

          // Monitored objects named in IP.pedl
          static int period;
          static float angle, track, volts;

          // Sensor/actuator access through JNI (see slide 16)
          private native float nativeGetAngle();
          private native float nativeGetTrack();
          private native void nativeSendCommand(float volts);

          // Steering targets called from IP.sadl
          public void setSC() { ctr = SC; }
          public void setEC() { ctr = EC; }

          // One control cycle: read sensors, run the active controller, drive the motor
          public void control(long frequency) {
              angle = nativeGetAngle();
              track = nativeGetTrack();
              volts = ctr.sendCommand(angle, track, frequency / 1000.0);
              nativeSendCommand(volts);
          }
      }

  18. Monitoring: IP.pedl

      MonScr IP
        export event ev_track_pos, ev_current_angle, ev_volts, startPgm;

        monobj int   DecisionModule.period;
        monobj float DecisionModule.track;
        monobj float DecisionModule.angle;
        monobj float DecisionModule.volts;

        event startPgm         = update(DecisionModule.period);
        event ev_current_angle = update(DecisionModule.angle);
        event ev_track_pos     = update(DecisionModule.track);
        event ev_volts         = update(DecisionModule.volts);
      end

  19. Checking: IP.medl
  • Detecting violations

      ev_current_angle -> { theta'    = value(ev_current_angle,0) / 52.29578;
                            thetadot' = (theta' - theta) / 0.040; }
      ev_track_pos     -> { x'    = value(ev_track_pos,0) / 100;
                            xdot' = (x' - x) / 0.040; }

      condition abnormal = (track_pos' > 40 || track_pos' < -40) || safeVal >= 4;

      event invokeSafeController     = start(abnormal) when (controller == 1);
      event invokeExternalController = start(nTimer' % 500 == 0) when (controller == 0);

      invokeSafeController     -> { invoke change2SC(); controller = 0; }
      invokeExternalController -> { invoke change2EC(); controller = 1; }

  • controller is 1 while the experimental controller is active and 0 while the safety controller is active; the 0.040 divisor is the sampling period in seconds. start(c) is the event raised when condition c becomes true, so invokeSafeController fires on the transition into the abnormal region, not on every event while it holds. track_pos' and nTimer' are used but not defined in the excerpt shown.

  20. Checking: IP.medl
  • Safety envelope computation

      event calcSafeVal = ev_volts when (controller == 1);
      calcSafeVal -> {
        volts' = value(ev_volts,0);
        xa_0' = x + 0.00051281 * theta + 0.017961  * xdot + 0.0000026781 * thetadot + 0.0003618   * volts';
        xa_1' =    -1.0056     * theta + 0.0046419 * xdot - 0.020029     * thetadot - 0.00082708  * volts';
        xa_2' =     0.049519   * theta + 0.80322   * xdot + 0.00043546   * thetadot + 0.034913    * volts';
        xa_3' =    -0.55967    * theta + 0.44824   * xdot - 1.0048       * thetadot - 0.079879    * volts';
        temp_0' = 37.62 * xa_0' +  58.22 * xa_1' + 17.87 * xa_2' + 11.61 * xa_3';
        temp_1' = 58.22 * xa_0' + 313.16 * xa_1' + 69.36 * xa_2' + 56.09 * xa_3';
        temp_2' = 17.87 * xa_0' +  69.36 * xa_1' + 29.81 * xa_2' + 14.81 * xa_3';
        temp_3' = 11.61 * xa_0' +  56.09 * xa_1' + 14.81 * xa_2' + 12.04 * xa_3';
        safeVal' = xa_0' * temp_0' + xa_1' * temp_1' + xa_2' * temp_2' + xa_3' * temp_3';
      }

  • xa' is the state (x, theta, xdot, thetadot) predicted one period ahead from the current state and the new command, using the linearized dynamics of slide 13. The temp_i' rows are a symmetric 4x4 matrix P applied to xa', so safeVal' = xa'^T P xa' is a quadratic function of the predicted state; the level set safeVal < 4 is the region inside which the experimental controller is allowed to keep running. The prediction is computed only while controller == 1, before the command reaches the motor.

  21. Steering: IP.sadl

      steering script IP
        steered objects
          DecisionModule IP:dm;
          float DecisionModule:volts;
        steering action change2EC = { call (IP:dm).setEC(); } before read DecisionModule:volts;
        steering action change2SC = { call (IP:dm).setSC(); } before read DecisionModule:volts;
      end

  • "before read DecisionModule:volts" names the safe spot of slide 4: a switch invoked by the checker is executed just before the decision module next reads volts to send it to the motor.
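The decision module of slide 17 and the IP.pedl, IP.medl and IP.sadl scripts of slides 18 to 21, replayed as one added Python model of the switching logic. This is example code written for this page, not code from the slides or from the MaCS toolset. The dynamics coefficients, the input vector and the matrix P are copied from the calcSafeVal block; everything else is an assumption: the state order (x, theta, xdot, thetadot), that the track bound in `abnormal` applies to the raw track reading (the excerpt never assigns `track_pos'`), that `nTimer` counts ev_volts events, that the safety controller is a proportional gain, and that steering takes effect immediately instead of at the SADL steering point. The trace is constructed.

```python
# Added example: eSimplex switching logic of IP.medl/IP.sadl as a Python model.
# Assumptions (not from the slides): state order (x, theta, xdot, thetadot), the
# track bound applies to the raw track reading, nTimer counts ev_volts events,
# and steering takes effect immediately instead of at the SADL steering point.

# One-step linearized dynamics copied from the calcSafeVal block of IP.medl:
#   xa' = A @ [x, theta, xdot, thetadot] + B * volts'
A = [
    [1.0,  0.00051281,  0.017961,   0.0000026781],
    [0.0, -1.0056,      0.0046419, -0.020029],
    [0.0,  0.049519,    0.80322,    0.00043546],
    [0.0, -0.55967,     0.44824,   -1.0048],
]
B = [0.0003618, -0.00082708, 0.034913, -0.079879]

# Symmetric matrix of the safety envelope: safeVal = xa'^T P xa' (temp_i = P[i] . xa').
P = [
    [37.62,  58.22, 17.87, 11.61],
    [58.22, 313.16, 69.36, 56.09],
    [17.87,  69.36, 29.81, 14.81],
    [11.61,  56.09, 14.81, 12.04],
]
SAFE_VAL_LIMIT = 4.0   # condition abnormal: ... || safeVal >= 4
TRACK_LIMIT = 40.0     # condition abnormal: track_pos' > 40 || track_pos' < -40
TIMER_PERIOD = 500     # invokeExternalController = start(nTimer' % 500 == 0)


def predict_next_state(state, volts):
    """xa' of calcSafeVal: the state one period ahead under the new command."""
    return [sum(a * s for a, s in zip(row, state)) + b * volts for row, b in zip(A, B)]


def safe_val(xa):
    """Quadratic form xa^T P xa; the envelope is the region safe_val < SAFE_VAL_LIMIT."""
    temp = [sum(p * v for p, v in zip(row, xa)) for row in P]
    return sum(v * t for v, t in zip(xa, temp))


class DecisionModule:
    """Mirror of the Java DecisionModule; set_sc()/set_ec() are the SADL steering targets."""

    def __init__(self):
        self.safety = lambda angle, track: -0.5 * angle    # hypothetical SC gain (assumption)
        self.experimental = lambda angle, track: 20.0      # the "terribly bad" EC: constant volts
        self.ctr = self.experimental
        self.switch_log = []

    def set_sc(self):
        self.ctr = self.safety
        self.switch_log.append("SC")

    def set_ec(self):
        self.ctr = self.experimental
        self.switch_log.append("EC")


class Checker:
    """The IP.medl rules driven by the PEDL events; start(c) is the rising edge of c."""

    def __init__(self, dm):
        self.dm = dm
        self.controller = 1                 # 1 = experimental, 0 = safety, as in IP.medl
        self.state = [0.0, 0.0, 0.0, 0.0]   # x, theta, xdot, thetadot
        self.track_pos = 0.0
        self.safe_val = 0.0
        self.n_timer = 0
        self._abnormal = False
        self._timer_hit = True              # nTimer % 500 == 0 already holds at nTimer == 0
        self.events = []

    def ev_current_angle(self, raw):        # theta' = value/52.29578; thetadot' = (theta'-theta)/0.040
        theta = raw / 52.29578
        self.state[3] = (theta - self.state[1]) / 0.040
        self.state[1] = theta

    def ev_track_pos(self, raw):            # x' = value/100; xdot' = (x'-x)/0.040
        self.track_pos = raw
        x = raw / 100
        self.state[2] = (x - self.state[0]) / 0.040
        self.state[0] = x
        self._check()

    def ev_volts(self, volts):
        self.n_timer += 1
        if self.controller == 1:            # calcSafeVal = ev_volts when (controller == 1)
            self.safe_val = safe_val(predict_next_state(self.state, volts))
        self._check()

    def _check(self):
        abnormal = abs(self.track_pos) > TRACK_LIMIT or self.safe_val >= SAFE_VAL_LIMIT
        if abnormal and not self._abnormal and self.controller == 1:   # start(abnormal) when (controller == 1)
            self.dm.set_sc()                # invoke change2SC()
            self.controller = 0
            self.events.append(("invokeSafeController", self.n_timer))
        self._abnormal = abnormal
        timer_hit = self.n_timer % TIMER_PERIOD == 0
        if timer_hit and not self._timer_hit and self.controller == 0:  # start(nTimer' % 500 == 0) when (controller == 0)
            self.dm.set_ec()                # invoke change2EC()
            self.controller = 1
            self.events.append(("invokeExternalController", self.n_timer))
        self._timer_hit = timer_hit


def run_trace():
    """Constructed event trace: a healthy cycle, then the bad EC drives 20 V into the motor."""
    dm = DecisionModule()
    chk = Checker(dm)
    chk.ev_current_angle(0.5)
    chk.ev_track_pos(1.0)
    chk.ev_volts(0.25)                      # small command: predicted state stays inside the envelope
    before = chk.safe_val
    chk.ev_volts(dm.ctr(0.5, 1.0))          # EC output (20 V): predicted state leaves the envelope
    after = chk.safe_val
    ticks = 0
    while chk.controller == 0 and ticks < 2 * TIMER_PERIOD:   # SC runs until nTimer % 500 == 0
        chk.ev_volts(dm.ctr(0.5, 1.0))
        ticks += 1
    return {"safe_val_before": before, "safe_val_after": after, "events": chk.events,
            "switch_log": dm.switch_log, "final_controller": chk.controller, "n_timer": chk.n_timer}


if __name__ == "__main__":
    print(run_trace())
```

Running the trace switches to the safety controller on the second ev_volts event and back to the experimental controller at the 500th. One edge case the model makes visible: because start(abnormal) fires only on the rising edge and safeVal is recomputed only while controller == 1, a controller that is switched back in and immediately misbehaves again will not trigger a second invokeSafeController until abnormal has first become false; a checker deployed this way needs either a reset of safeVal on switch-back or a level-triggered condition.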

  22. Demonstration
  • The checker detects violations while the experimental controller is running
  • Switches to the safety controller when a violation is detected
  • After a fixed time, switches back to the experimental controller
  • A terribly bad experimental controller:
    • sends a constant output to the motor regardless of the situation

  23. Experimental results
  • MaCS can successfully detect safety violations in eSimplex and force a switch to the safety controller
  • Keeps the pendulum upright even if the experimental controller fails completely
  • The turnaround time of the detection/steering cycle is significantly smaller than the eSimplex control cycle
    • synchronous steering is possible

  24. Future directions
  • Implement synchronous steering
    • Extend SADL to have both synchronous and asynchronous actions
    • Modify instrumentation to pause the program
    • Note that steering is now tied to specific updates
    • Coordination with PEDL may be needed
  • MaCS on real-time Java
  • Distributed MaCS
