SEC Kickoff - 1

Integrated Design and Analysis Tools for Software-based Control Systems Software Enabled Control Lead Investigators

Shankar SastryEdward A. LeeTom HenzingerAlberto Sangiovanni-VincentelliOther Investigators Luca Berardi Luca de Alfaro Magnus Egerstedt Laurent El Ghaoui Ben Horowitz Karl Johansson John Koo Jie Liu Xiaojun Liu John Lygeros Rupak Majumdar George Pappas Santosh Philip Claudio Pinello Maria Prandini Shahid Rashid Jean-Francois Raskin Shawn M. Schaffert Hyunchul Shim Bruno Sinopoli Slobodan Simic Rene Vidal

OCP Participation SummaryUC Berkeley

SEC Kickoff - 2

Objectives• OCP participation

– “run-time support methods for hybrid and multi-modal systems.”• Component architectures

– maintain efficiency– compose properties

• Understand designs– reduce reliance on simulation– correct-by-construction implementations– rely on pre-proven frameworks

• Orthogonalize concerns– regimes of operation– federated coordination

SEC Kickoff - 3

Trajectory Plan• Study group (weekly++):

– ...– 9/7 CORBA (part I) -- Concepts – 9/9 CORBA (part II) -- Java IDL– 9/14 TAO and Quality of Service in CORBA – 9/17 RT-IDL and Scheduling for Embedded Systems – 9/21 Case Study -- Helicopter Control Systems – 9/28 Real-time Operating Systems -- QNX/PSOS/VxWorks – 10/5 The Time-Triggered Architecture– 10/12 Timed Automata Verification – 10/19 Planning for kickoff meeting– ...

• Architecture for Berkeley AERobots (BEAR) project

• (RT) Corba experimental platform

SEC Kickoff - 4

NovAtel DGPS Ground Station

BEAR Research Platform

LabWindows GUI

Silicon Graphics PC

Ground Monitoring System

WaveLanAccesspoint

WaveLAN: T. John KooPioneer mobile rotot: Omid Shakernia, Frank HoffmanPitching deck landing pad: Tulio

ethernet

ethe

rnet

Wireless ethernet

Wireless ethernet

Wireless ethernet

UAV’s

Landing Deck

Ground Mobile Robots

thanks to: David H. Shim

SEC Kickoff - 5

Ursa Minor3

Navigation computer

GPSAntenna

Boeing DQI-NPon fluid mounting

Length: 1.4m Width: 0.39mHeight: 0.47mWeight: 9.4 kgEngine Output: 2.8 bhpRotor Diameter: 1.5mFlight time: 15 minSystem operation time: 30 min

Wireless Modem

Radio Receiver

GPS Card

thanks to: David H. Shim

SEC Kickoff - 6

1. Ursa Magnus 2: Boeing DQI-NP based system

W/L Modem 1-Data Download

NovAtel GPSRT-2

CPU P-233

RS-232

CTC T/O Board ServoSystem

LongitudinalLateral

Main CollectiveTail Collective

Engine Throttle

Power Board Li-Ion Batt

PC-104 Stack

64MB RAM

W/L Modem 1-Data Download

W/L Modem 2-Differential GPS

NovAtel GPSRT-2

CPU Penitum 233MMX

RS-232

CTC T/O Board ServoSystem

LongitudinalLateral

Main CollectiveTail Collective

Engine Throttle

Power Board Li-Ion Batt

PC-104 Stack

Boeing DQI-NP

RS23

2

RS232

RS23

2

RS23

2

RS23

2

Navigation Hardware (Ursa Magnus)

Compass

85MB Flash Disk

Ethernet

WaveLANWireless Ethernet

thanks to: David H. Shim

running QNX

SEC Kickoff - 7

OCP = Component-Based Design

Backplane approach:

softwarecomponents hardware

components

OCP

RT CORBAinterface

First principle: We seek software architectures for modular construction of distributed control systems.

SEC Kickoff - 8

Run-Time ModelsKey issue: What interface to expose at the OCP level?

•OO methods?•Event notification?•Irregular or low rate?•Wrappers for legacy components?

softwarecomponents wrapper

component

OCP

COTShardwarecomponent

Interface definition depends on the model of computation.

SEC Kickoff - 9

Model of Computation• Component ontology

– processes? objects? procedures?– reactive? active? passive?

• Component epistemology– visibility of other components– global information, such as time– reflection and introspection

• Interaction protocols – synchronization? push? pull?– delivery guarantees

• Interaction lexicon– vocabulary of messages– type system

A model of computation is the ontology and epistemology of components together with the protocols and lexicon of their interaction.

SEC Kickoff - 10

CORBA• CORBA provides

– distributed objects with location transparency– synchronous (two way) remote method invocation– asynchronous (one way) remote method invocation– deferred synchronous invocation (at higher cost)

• COS/CES event channel provides:– asynchronous notification– publish & subscribe

• RT event service:– prioritized dispatching– periodic event processing– active consumers and suppliers

SEC Kickoff - 11

Presumed Model of Computation• Component ontology

– Objects (CORBA) and processes (TAO)

• Component epistemology– publish & subscribe, with event filtering– time is reduced to priorities

• Interaction protocols – few constraints … anything is possible.

• Interaction lexicon– CORBA method arguments, return values

Similar to Linda and JavaSpaces, but with real-time extensions.

SEC Kickoff - 12

Draft Static Structure of a Helicopter

GPS

#synchronizeINS(ins : INS)INS

+neuAcceleration() : float[]+neuVelocity() : float[]+pitchRollYaw() : float[]+setLocation(location : Location)+xyzPosition() : float[]+xyzVelocity() : float[]

-location : float[]-velocity : float[]-acceleration : float[]

Compass

+heading() : float

HeightM eter

+distanceToGround() : float

Engine

+rpm() : float+setRotorTilt(tilt : float)+setThrust(thrust : float)+setTailRotorThrust(thrust : float)+temperature() : float

+TEMPARTURE_ALARM : CorbaEvent

FlightController

+initialize()+execute(cmd : FlightCommand) : boolean+getInertialData() : Inertia

FlightCommand

+action : CommandAction+destination : Location+deadline : float

Location

+latitude : float+longitude : float+altitude : float

Navigation

+initialize()+getLocation() : Location+reset()

-location : float[]

call getInertialData() at 50 Hz

call setLocation() at 1 Hz

«Interface»Runnable

+run()

at initialization, call heading()

EventChannel

+addEventListener(listener : EventListener)+addEventListener(listener : EventListener, mask : EventMask)+postEvent(event : CorbaEvent)

CommandAction

+CLIMB : CommandAction+FLY_TO : CommandAction+LAND : CommandAction+TAKE_OFF : CommandAction+... : ...

«Interface»EventListener

+notifyOfEvent(event : CorbaEvent)

NOTE: EventChannelmediates most of the

communications. Onlysome show this explicitly.

SEC Kickoff - 13

Event Examples• initialize GPS• initialize INS• issue flight command• GPS re-initialize INS (at 1 Hz)• flight control reacts to INS data (at 50 Hz)• sensors notify of landing• height meter publishes distance to ground

Excluded• servo loops (control laws)• all fine-grain interaction• all continuous interaction

SEC Kickoff - 14

Hierarchical Component-Based Design

Use different interaction mechanisms at the various levels.

SEC Kickoff - 15

Alternative Component Interactions

• Hybrid systems– hierarchical nesting of automata and ODEs– is the event channel relevant? How to use it?

• Modal models– hierarchical nesting of automata and anything

else– are mode changes events in the event channel?

• Hard-real-time models– event channel seems more suited to notification

of irregular events than to sampled-data signals.How can we extend architectural principles to these alternative models?

SEC Kickoff - 16

Relevant Models of Computation• Publish and subscribe (Linda, JavaSpaces)• Transition systems, state machines...• Synchronous-reactive systems (SR)• ODEs and PDEs (continuous dynamics)• Discrete time (difference equations)• Discrete-event systems (DE, VHDL, Verilog)• Sequential processes with rendezvous (CSP)• Process networks (Kahn)• Dataflow (Dennis)• ...

SEC Kickoff - 17

Proposal• Identify a small suite of MoCs useful for

distributed control system design– one will not be enough– architecture at all levels

• Study inter-domain semantics– verifiability– comprehensibility

• Emphasize what is common across MoCs– abstract syntax for component architecture– semantic commonalities (such as type systems)

SEC Kickoff - 18

Generic Component Architecture(an abstract syntax)

PortPort

Entity EntityL ink

Relation

Entity

Port

connection

connection

conn

ectio

n

L ink

Link

For CORBA, relations mediate name service, event channel, and RPC functions.

The OCP effort should first agree on an abstract syntax.

SEC Kickoff - 19

Hierarchy & Abstraction

toplevel Com positeEntity

transparent Com positeEntity

A tom icEntity

Relationdangling

transparentPort

transparentPort

opaque Port

Ideally, aggregations of components behave like primitive components.

homosemantic composition.

SEC Kickoff - 20

Sequential Composition is Homosemantic

• Statements in imperative languages• Procedures• Objects• State machines• Transition systems

• Processes and threads are not homosemantic

SEC Kickoff - 21

Abstract SemanticsData transport•broadcast•publish & subscribe•multicast•push/pull•messages or RPC•synchronization•delivery guarantees•typing•polymorphism

Actor

IOPort IORelation

P2P1

E1

E2

send(0 ,t) rece iver.put(t) get(0)

token tR 1

Basic Transport:

Receiver(inside port)

The OCP effort should focus on defining its abstract semantics - independent of an implementation, what behavior do we want in component interactions?

SEC Kickoff - 22

Key Points• Heterogeneous hierarchical models can isolate

certain sources of complexity, e.g. separating modes from dynamics or events from dynamics.

• Consistent use of input/output views of component models facilitates their hierarchical composition (and is consistent with an event-channel transport mechanism).

• At all levels, there is a component architecture. Share infrastructure.

SEC Kickoff - 23

Mission Plan• OCP participation (Repeated)

– “run-time support methods for hybrid and multi-modal systems.”

• Understand application area– software architecture perspective.

• Realize event-level architecture– characterize intercomponent interaction semantics.

• Realize multi-level architecture– characterize interlevel semantics.

• Develop validation methods.– coupled with intercomponent interaction semantics

SEC Kickoff - 24

Conclusions• We are about component based design of

real-time, safety-critical control systems.

• Dialog should be about models of computation and component architectures.

• Agreement should be about abstract syntax, abstract semantics (first).