Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems

- Project Overview -

Janos SztipanovitsISIS-Vanderbilt University

MURI Year 3 Review MeetingFrameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control SystemsUC Berkeley, Berkeley, CADecember 2, 2009

2

Team

Vanderbilt Sztipanovits (PI), Karsai, Kottenstette, Neema

Porter, Hemingway, Nile UC Berkeley

Tomlin (PI), Lee, Sastry, Ding, Gillula, Gonzales, Huang, Leung, Lickly, Mahdl, Latronico, Shelton, Tripakis, Vitus

CMU Krogh (PI), Clarke, Platzer

Jain, Lerda, Bhave, Maka Stanford

Boyd (PI)Wang

3

• Development of a theory of deep composition of hybrid control systems with attributes of computational and communication platforms • Development of foundations for model-based software design for high-confidence, networked embedded systems applications. • Composable tool architecture that enables tool reusability in domain-specific tool chains• Experimental research

Long-Term PAYOFF: Decrease the V&V cost of distributed embedded control systems

Objectives

4

Agenda9:00 – 9:05 am Introductions9:05 - 9:15 am Project Overview

Janos Sztipanovits9:15 – 10:00 am Overview of Hybrid Control Design Challenges and Solutions

Claire Tomlin and Shankar Sastry10:00 – 10:45am Model-Integrated Tool Chain for High Confidence Design

Gabor Karsai, Joe Porter, Graham Hemingway and Janos Sztipanovits 10:45 - 11:00am Break 11:00 – 11:45 am Correctly Composing Components: Ontologies and Modal Behaviors

Edward Lee11:45 – 12:45pm Model-based Testing and Verification

Edmund Clarke, Bruce Krogh, Andre Platzer 12:45 – 1:45pm Lunch

1:45 – 2:15 pm Performance Bounds and Suboptimal Policies for Linear Stochastic ControlYang Wang and Stephen Boyd

2:15 – 2:45 pm Constructive Non-linear Control Design With Applications to Quad-Rotor and Fixed-Wing AircraftNicholas Kottenstette

2:45 – 3:30 pm Starmac Experimental Platform DemoClaire Tomlin and Shankar Sastry

3:30 – 3:45 pm Plans for Year 4&5Janos Sztipanovits 3:45 - 4:00 pm Break 4:00 – 4:30 pm Government Caucus4:30 – 4:45 pm Feedback to the Research Team

5

Overall Undertaking

Scope of the Project: Development of component technologies in selected areas Development of model-based design methods Incrementally building and refining a tool chain for an experimental domain

(micro UAV control) Demonstration of control software development with the tool chain Experiments

Model-Based Design

Plant Models and

Requirements

Controller Modeling

System-LevelModeling

SW Architecture

Modeling

DeploymentModeling

Code

X ExpensiveIntractableFragile

6

Composition Inside Abstraction Layers

Plant DynamicsModels

Controller Models

Dynamics: • Properties: stability, safety, performance• Abstractions: continuous time, functions,

signals, flows,…Physical design

1( ) ( ( ),..., ( ))p jB t B t B t

SoftwareArchitecture

Models

Software Component

CodeSoftware design

Software : • Properties: deadlock, invariants, security,…• Abstractions: logical-time, concurrency, atomicity, ideal communication,..

1( ) ( ( ),..., ( ))c kB i B i B i

System Architecture

Models

ResourceManagement

ModelsSystem/Platform Design

Systems : • Properties: timing, power, security, fault tolerance• Abstractions: discrete-time, delays, resources, scheduling,

1( ) ( ( ),..., ( ))j p i k iB t B t B t

Assumption: Effects of digital implementation can be neglected

Assumption: Effects of platform properties can be neglected

7

Composition Inside Abstraction Layers

Plant DynamicsModels

Controller Models

Physical design

SoftwareArchitecture

Models

Software Component

CodeSoftware design

System Architecture

Models

ResourceManagement

ModelsSystem/Platform Design

Controller dynamics is developedwithout considering implementation uncertainties (e.g. word length, clock accuracy ) optimizing performance.

Software architecture models are developed without explicitly consideringsystems platform characteristics, eventhough key behavioral properties depend on it.

Platform architectrue defines platform configuration, resource management, networking,. Uncertainties introduce time variant delays that may require re-verification of key properties on all levels.

Assumption: Effects of digital implementation can be neglected

Assumption: Effects of platform properties can be neglected

X

X

8

Model-Based Design

Plant Models and

Requirements

Funcion (Controller) Modeling

System-LevelModeling

SW Architecture

Modeling

DeploymentModeling

Code

Improve Robustness of Controllers Against Implementation Uncertainties

How should we increase robustness in controller design?– Robust hybrid and embedded systems design (Tomlin, Sastry)– Performance bounds for constrained linear stochastic control

(Boyd, Wang)– Constructive nonlinear control design (Kottenstette, Porter)

Controller Design

9

Model-Based Design

Plant Models and

Requirements

Funcion (Controller) Modeling

System-LevelModeling

SW Architecture

Modeling

DeploymentModeling

Code

Verification and Testing

How can we exploit heterogeneous abstractions in verification and test generation? – Model-based testing and verification of embedded systems

implementations (Clarke, Platzer)– Statistical Probabilistic Model Checking (Zuliani, Clarke)

V&V

10

Model-Based Design

Plant Models and

Requirements

Funcion (Controller) Modeling

System-LevelModeling

SW Architecture

Modeling

DeploymentModeling

Code

Model-based code generation (2008)

From ModelsTo Code

How to design high-confidence software and systems?– Model-based code generation with partial evaluation (Zhou,

Leung, Lee)– Model-based code generation with graph transformation

(Karsai)

(Last year results, they are built in the tools.)

11

Model-Based Design

Plant Models and

Requirements

Funcion (Controller) Modeling

System-LevelModeling

SW Architecture

Modeling

DeploymentModeling

Code

Progress towards integrated model-based design flow

How can we integrate model-based design flows? – Correctly composing components (Lee)– Model-integrated tool chain for high confidence design

(Karsai, Porter, Hemingway, DeBusk and Sztipanovits)– StarMac Experimental platform (Tomlin, Sastry)

PRISMMeta-Model

ECSL-DP Meta-Model

AIRESMeta-Model

CFGMeta-Model

PRISMESML

ESML- CFG

ESML AIFModel-Based Design

12

Starmac Experimental PlatformQuadrotor aircraft developed by co-PI Claire Tomlin

Requires integration of legacy and custom components.

1313

Experimental Set Up

A mobile sensor network:– A set of vehicles, each with a set of sensors for its own

navigation and control, as well as for sensing its environment (such as target range or bearing)

– Computation is distributed, and limited to the processors on board the vehicles (no central computer)

– Communication between subsets of vehicles (limited by range or geography) available

– Collision avoidance needed between vehicles– Humans share control with automation

Focus on algorithms for autonomous search:– Unexploded ordinance detection– Beacon tracking scenarios– RFID tracking– Survey of disaster areas– Search and rescue– Biological studies, animal monitoring

14

Accomplishment Highlights 1/2

New results in hybrid control system design using reachable set analysis. Methodology for computing reachable sets using quantized inputs over discrete time steps has been developed and implemented for an aircraft collision avoidance example. (Tomlin, Sastry)

Use of reachable set analysis in complex control law design. (Tomlin) We have extended our approach for integrated software model checking in

the loop to the case of nonlinear dynamic plant models using the concept of bisimulation functions for nonlinear systems (Krogh) (not presented at the review)

New algorithm for the formal verification of curved flight collision avoidance (Clarke, Platzer)

New algorithm and method for statistical probabilistic model checking and its application to Simulink/Stateflow models (Clarke, Zuliani)

Extension of passivity based approach for controller design to fixed-wing aircrafts. (Kottenstette)

15

Accomplishment Highlights 2/2

New results in introducing ontology information using Hindley-Milner type theories in modeling environments (Lee)

New results in handling time in hierarchical modal models (Lee) Integrated tool chain for model-based generation of embedded flight

controller on distributed computing platform. Guaranteed stability against implementation induced timing uncertainties and verified schedulability on time-triggered platform.

Demonstration of roundtrip engineering between physical and implementation layers: physical models are used for code generation and implementation models are used for updating physical models.

Demonstration of practical use of reachable set analysis in acrobatic maneuver design and multi-vehicle collision avoidance for the STARMAC quadrotor helicopter testbed.

16

Collaboration

The team members work together extensively in many areas in this project and outside of the project

Many examples for joint work among research teams

Forms of collaborations:– Bi-weekly/monthly telecons– Researcher and graduate student visits– Free flow of ideas, methods and tools

17

Transitioning The Ptolemy II source tree now is available via CVS. The team

actively works on transitioning research results to the following companies :

Lockheed Martin National Instrument

Vanderbilt’s MIC tool suite (GME, GReAT, UDM, OTIF) had a major release in 2009. GME supports now large scale model management and concurrent modeling. The releases are available through the ISIS download site.

Vanderbilt continued working with GM, Raytheon, LM and BAE Systems research groups on transitioning model-based design technologies into programs.

Vanderbilt continued working with Boeing’s FCS program on applying the MIC tools for precise architecture modeling and systems integration.

Active collaboration with TTTech, University of Vienna. Collaboration started with VERIMAG.on integrating BIP in the tool chain.

UC Berkeley’s reachable set tools are transitioned to the following institutions:

Microsoft Research NASA Ames

18

Plans for Years 4&5 Networked Control System Design

– Distributed control/multi agent systems– Dynamic state estimation and mode switching– Robustness against network effects– More realistic channel models– Managing effects from network layer

Verification and Testing– Generation of formal representations from models– Order reduction using hybrid bisimulation– Compositional specification of heterogeneous components

Tools– Integrated, heterogeneous tool chains – Complete path from virtual prototyping to physical implementation– Additional design aspects: fault management, bridge to security

Experiments – Extension of scope and complexity

19

FUNDING ($K)—Show all funding contributing to this projectFY06 FY07 FY08 FY09 FY10 FY11

AFOSR Funds 479 986 989 547Option 465 995 529

TRANSITIONS• Strong link to industry: Boeing, BAE Systems, Raytheon, GM,

MathWorks, National Instruments, TTTech• Industry affiliate programs: CHESS, ESCHER, GMLab.

STUDENTS, POST-DOCS• 9 graduate students (MURI) + student groups from other

projects

LABORATORY POINT OF CONTACT Dr William M. McEneaney, AFRL/AFOSR Dr Fariba Fahroo, AFRL/AFOSR Dr. David B. Homan , Civ AFRL/RBCC, WPAFB, OH

APPROACH/TECHNICAL CHALLENGES

• Guaranteed behavior of distributed control software using the following approaches: (1) extension of robust controller design to selected implementation error categories (2) providing “certificate of correctness” for the controller implementation (3) development of semantic foundation for tool chain composition (4) introducing safe computation models that provide behavior guarantees

ACCOMPLISHMENTS/RESULTS See Presentations

Long-Term PAYOFF: Decrease the V&V cost of distributed embedded control systems OBJECTIVES• Development of a theory of deep composition of hybrid control systems with attributes of computational and communication platforms • Development of foundations for model-based software design for high-confidence, networked embedded systems applications. • Composable tool architecture that enables tol reusability in domain-specific tool chains• Experimental research

Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems

if (inactiveInterval != -1) { int thisInterval = (int)(System.currentTimeMillis() - lastAccessed) / 1000;

if (thisInterval > inactiveInterval) { invalidate();

ServerSessionManager ssm = ServerSessionManager.getManager();

ssm.removeSession(this); } } }

private long lastAccessedTime = creationTime;

/** * Return the last time the client sent a

ModelTransformation

Modeling LanguagesModels

Model TranslatorsModel-based Code Generators

Analysis toolsPlatforms

Control DesignImplementation Design

20

WiFi802.11b

≤ 5 Mbps

ESC & MotorsPhoenix-25, Axi 2208/26

IMU3DMG-X1

76 or 100 Hz

RangerSRF08

13 Hz Altitude

GPSSuperstar II

10 Hz

I2C400 kbps

PPM100 Hz

UART19.2 kbps

RobostixAtmega128

Low level control

UART115 kbps

CF100 Mbps

Stereo CamVidere STOC

30 fps 320x240

Firewire480 Mbps

UART115 Kbps

LIDARURG-04LX

10 Hz ranges

RangerMini-AE

10-50 Hz Altitude

BeaconTracker/DTS

1 Hz

WiFi802.11g+

≤ 54 Mbps

USB 2480 Mbps

RS232115 kbps

Timing/Analog

Analog

RS232

UART

Stargate 1.0Intel PXA255

64MB RAM, 400MHzSupervisor, GPS

PC/104Pentium M

1GB RAM, 1.8GHzEst. & control

Start with controller

Expand to supervisor

Finally to host

Starmac Platform

21

Platform Extensions

TTTech

MPC 555 micros TTP/C comm TTTech Software tools Fault-tolerance

Soekris

Linux w/ 3xEthernet TT Virtual Machine on

standard UDP and Linux No fault tolerance (yet)

Gumstix