Integrated Design and Analysis Tools for SoftwareBased Control Systems

1
Integrated Design and Analysis Tools for
Software-Based Control Systems

• Shankar Sastry (PI)
• Tom Henzinger
• Edward Lee
• University of California, Berkeley

2
Research Thrusts
1. Model building and checking for hybrid
systems 2. Embedded code generation from hybrid
models 3. Multi-modal, hierarchical, and
multi-vehicle control 4. Probabilistic hybrid
systems and fault tolerance 5. Experimental
rotorcraft platforms
3
Focus of Presentation/Demos
1. From Hybrid Systems Models to Embedded
Code 1a. Simulink to Giotto to E code 1b.
Ptolemy to Embedded Java 2. Multi-vehicle
Cooperative Control
4
Requirements
Verification
Model
Implementation
Platform
5
Requirements
Verification
automatic (model checking)
Model
Implementation
automatic (compilation)
Platform
6
Requirements
Verification
Model
Implementation
property preserving
Platform
7
Requirements
Verification
Component
Component
Implementation
Platform
8
Requirements
Verification
no change
Composition
Component
Component
Implementation
no change
Platform
9
A new paradigm to achieve
Verifiability and
Compositionality
The FLET
(Fixed Logical Execution Time) Assumption
Software Task
write actuator output at time td, for fixed d
read sensor input at time t
10
A new paradigm to achieve
Verifiability and
Compositionality
The FLET
(Fixed Logical Execution Time) Assumption
Software Task
write actuator output at time td, for fixed d
dgt0 is the task's "logical execution time"
read sensor input at time t
11
High-Confidence, Compositional Embedded
Programming
The control engineer specifies sampling rate d
and permissible jitter j to solve the control
problem at hand. The compiler ensures that d and
j are met on a given platform (hardware resources
and performance). If the compiler succeeds, then
the code is time safe otherwise the program is
rejected. No "priority tweaking"!
12
A new paradigm to achieve
Verifiability and
Compositionality
The FLET
(Fixed Logical Execution Time) Assumption
time t
time td
possible physical execution on CPU
buffer output
13
Contrast the FLET to Standard Practice
output as soon as ready
14
Advantages of the FLET
-predictable timing and data behavior
(no race conditions, minimal jitter) -portable,
composable code (as long as the platform
offers sufficient performance)
15
Implementations of the FLET
The E(mbedded) Machine a virtual machine that
executes tasks in real time under the FLET
assumption. E (machine) code can be checked for
time safetry. Giotto a structured, high-level
language for control applications which is
compiled into E code.
UC Berkeley (Henzinger, Horowitz, Kirsch,
Majumdar, Matic, Sanvido).
16
A Giotto-Based Flight Control System
UC Berkeley (Horowitz, Liebman, Ma, Koo,
Sangiovanni-Vincentelli, Sastry).
17
A Giotto-Based Flight Control System
200 Hz
400 Hz
200 Hz
1 kHz
18
A Giotto-Based Flight Control System
1. Concurrent periodic tasks -sensing


-control law computation

-actuating 2. Multiple
modes of operation -navigational modes
(autopilot, manual, etc.)
-maneuver modes (taxi,
takeoff, cruise, etc.)
-degraded modes (sensor,
actuator, CPU failures)
19
A Giotto-Based Flight Control System
Mode 1
Mode 2
Condition 1.2
Task S 400 Hz
Task S 400 Hz
Task C 200 Hz
Task C 200 Hz
Task A 1 kHz
Task A 1 kHz
Condition 2.1
Task A 1 kHz
Mode 4
Mode 3
Task S 400 Hz
Task C 100 Hz
Task C 200 Hz
Task A 1 kHz
Task A 2 kHz
20
A Giotto-Based Flight Control System
Functionality.
Timing and interaction.
Host code e.g. C
Glue code Giotto
-Reactivity.
-Concurrency.
-No time. -Sequential.
21
The Giotto Tool Chain
(UC Berkeley, U Salzburg)
S/G Simulator
Simulink Model
S/G Translator
RTW Embedded Coder
Giotto Program for task timing and interaction
C Functions for tasks
Giotto Compiler
C Compiler
E Code
Platform Code
performance information
invokes
E Machine
guaranteed conformance
Platform (minimal OS hardware)
22
Demo Tomorrow
The Giotto Development Kit

• The Giotto Development Kit
• Giotto Compiler
• Integrated Editor
• E-code Viewer
• E-code Simulator
• Current work
• -E-code analysis for time safety
• -E-code optimization
• UC Berkeley (Kirsch, Sanvido).

23
Demo Tomorrow Giotto-Based Embedded Control
Examples
A controller for the Caltech vehicles
An elevator controller
24
Embedded Java Generation from Ptolemy Models

• Steve Neuendorffer
• Edward Lee
• Case Study Caltech Vehicles

25
Caltech Vehicles
Wireless 802.11b Network Datagram with vehicle
locations
Controller
RS-232 commands to fans
26
A Hierarchical Heterogenous Model
Measured physical parameters
Discrete-event model convenient for events that
do not occur at the same time
27
A Hierarchical Heterogenous Model
Continuous-time model good for physical hardware
dynamics
Fan thrust map
Data formatting
28
A Hierarchical Heterogenous Model
Synchronous dataflow model convenient for signal
processing and discrete-time aspects
29
Stepwise Refinement of Simulation towards
Implementation
802.11b
RS-232
30
Hardware-in-the-Loop
Replace hardware-true simulation model with
actual vehicle. Allows validation of hardware
model aspects.
802.11b
RS-232
31
Code Generation
Replace controller simulation with embedded
controller.
Embedded Java Platform
802.11b
RS-232
32
Directions

• Giotto code generation from Ptolemy
• Verify Giotto programs against hybrid automaton
  models
• Implement Softwalls algorithm on Caltech vehicles
• Dynamics similar to 2D aircraft dynamics, but
  safe for experimentation