Integrated Design and Analysis Tools for Software Based Control Systems

Principal Investigator: Tom Henzinger
Co-Principal Investigator: Edward A. Lee
Co-Principal Investigator: Shankar Sastry
Program Manager: John Bay
Organization: University of California at Berkeley
Contract Number: F33615-98-C-3614

Boeing subcontract (OCP):
Principal Investigator: Edward A. Lee
Co-Principal Investigator: Tom Henzinger

Presenters: Edward A. Lee, Jie Liu, John Koo (UC Berkeley)

Berkeley SEC Project, San Antonio

Subcontractors and Collaborators

- Boeing: OCP
- Georgia Tech: blending controllers
- OGI & Yale: embedded virtual machine
- Northrop Grumman: multimodal control
- Vanderbilt/Xerox: fault detection/isolation, metamodeling
- Stanford and SRI: modal control systems - softwalls

Problem Description and Program Objective

This project concerns the design of multi-agent multi-modal control systems, their distributed real-time software implementation, and their formal analysis. As a common foundation we build on the use of heterogeneous hybrid modeling techniques.

Technical Approach Summary

- Models of computation
  - real-time
  - heterogeneous
- Applying theory of component-based design
- Interface theories (with Mobies)
- System-level types (with Mobies)
- Theory of frameworks
- Hybrid systems theory
  - multi-vehicle architecture integration
  - multi-model control derivation and analysis
- Software laboratory: Ptolemy II
- Hardware laboratory: Helicopter UAVs

Fault Detection, Isolation, Recovery

- Approach: Generalized reflection
- Demonstration: Cooperative multi-agent control

Reflection is a type-theoretic notion of components that make available at run time models of themselves. Classically, these models represent only static type information. Our variant represents dynamics.

One component carries a model of another component that reflects its dynamic behavior.

Blending Controllers (Collaboration with Georgia Tech)

Blending controller architecture enables disciplined transitions between control laws.

Embedded Virtual Machine (Collaboration with OGI and Yale)

- The embedded machine or E machine is a virtual, real-time scheduling machine
- The E machine has:
  - ports, drivers, tasks, and triggers
  - 3 key instructions + arbitrary control flow instructions
- The E machine provides a platform for generating distributed, real-time scheduling code

The Embedded Machine: Three Instructions

- Synchronous Execution: call(d)
- Scheduled Execution: schedule(t)
- Triggering: enable(g,b)

[Figure labels: Tick, clk, 20ms, b:, t, d]

Portability, Mobility, Real-Time

- Portability: no specific hardware mapping, no specific scheduling scheme
- Mobility: dynamic upload/linking of E code; binary application code strictly separated
- Real-Time: hard real-time performance

Boeing Subcontract: Open Control Platform - OCP

We are contributing to the future evolution of the OCP by helping to define and refine its semantics, using these semantics in hardware-in-the-loop simulation, and determining how the semantic model interoperates with others, such as FSM (for mode changes) and Giotto (for hard-real-time systems). Specific tasks include:

- Ptolemy II domains that explore OCP semantics.
- Component interfaces for real-time quality of service.
- Concurrency management.
- Solving the precise mode change problem.
- Interoperation of heterogeneous semantic models.

Precise Mode Change Problem

How do you get the processes to a quiescent state to take a mode change?

[Figure labels: thread or process (three times)]

Presenter: Jie Liu

TM: Timed Multitasking, A Model of Computation for Real Time

- Previously reported versions were called
  - RTOS (real-time operating system)
  - HPM (hierarchical preemptive multitasking)
- Model of computation with
  - Concurrency
  - Dynamic priorities
  - Improved determinacy (vs. prioritized threads)
  - Simple real-time interface properties
  - Precise mode changes
  - Possibilities for admission control, anytime algorithms
- Implementable on the OCP
  - Distributed Real-time CORBA, using event channel

Precise Reaction

A precise reaction is a finite piece of computation that depends solely on its trigger.

[Figure labels: trigger, finish, computation, quiescent state, responsible trigger]

Responsible Frameworks

A responsible framework requests that all its components be precisely reactive and triggers these components only with responsible triggers.

- Deadlocks can be monitored by examining triggering rules.
- A model always settles in quiescent states.
- Solves priority inversion problems in priority-based models.

Compositional Precise Reaction

Can we treat a composition of components as an atomic component? Yes, if the framework is responsible.

Precise Mode Change Solution

Will the process be in a quiescent state when we do a mode change? Yes, if the framework is responsible.

Benefits

- Composable semantics
  - arbitrarily deep hierarchies
  - heterogeneous hierarchies
- Precise mode switching
  - nest FSMs with anything else
- Real-time scheduling
  - make RT scheduling policies independent of functionality

[Figure: Hierarchical, heterogeneous, system-level model. Labels: controller, plant, actuator, dynamics, sensor, task1, task2, TTA, TTA]

Examples of Responsible Frameworks

- Dataflow with firing
  - Firing rules are responsible trigger conditions.
  - Atomic firings are precise reactions.
- Timed Multitasking
  - Tasks are either nonpreemptable or arbitrarily preemptable.
  - Event-based firing rules are responsible triggers.
  - Split-phase execution and over-run handling to guarantee timing properties.
- Giotto
  - Time are responsible triggers.
  - Well-defined communication guarantees precise reaction.
  - Tasks are arbitrarily preemptable.

Giotto: Periodic Hard-Real-Time Tasks with Precise Mode Changes

[Figure: timeline with labels t, t+5ms, t+10ms for a higher frequency task and a lower frequency task]

- Giotto compiler targets the E Machine
- Ptolemy II Giotto domain code generator planned

Helicopter Testbeds

- Giotto controller for Zurich helicopter written
- Giotto controller for Berkeley helicopter in progress

High Confidence Control Design for UAVs

- Hybrid Control Design for Multi-Vehicle Multi-Modal Systems
  - Multi-modal controller for single vehicle
  - Coordination of multiple vehicles
- High-Confidence Hybrid Control
  - FDIR capabilities for single (envelope protection, sensor/actuator failures) and multiple vehicles (collision avoidance and conflict resolution)
- Hierarchical System Design
  - Based on parallel and serial compositions of models of computation
  - Enabling multiple vehicle cooperative control
  - Implementation on OCP

Presenter: John Koo

Technical Approach

- Hybrid Control design will be based on a nonlinear helicopter model and nonlinear controllers. Available for simulation in Ptolemy II and Simulink.
- Hardware-In-the-Loop (HIL) simulation for architecture evaluation is currently under construction. System consists of an embedded controller and an emulator for emulating sensor/dynamics/actuator.
- Verified/Validated embedded controller will be used for controlling an R-Max helicopter.

Hierarchical Control of Multi-Modal Systems

Given a continuous control system, a collection of control modes is designed.

Problem Statement of Mode Switching

- Does there exist a finite sequence of control modes for satisfying a set of given reachability specifications?
- If it does exist, can the switching conditions be determined?
  - When/Where? Guard/Reset Synthesis
  - What Trajectory? Performance Criteria

Mode Switching Algorithm for Multi-Modal Control

Computation

- Offline: Synthesis of control mode graph
  - Reachability and Intersection
- Online: Synthesis of control switching sequence
  - Reachability on Graph

T. J. Koo, G. J. Pappas, and S. Sastry, “Mode Switching Synthesis for Reachability Specifications,” Hybrid Systems: Computation and Control, Lecture Notes in Computer Science, Springer, 2001.

Hierarchical Component-Based Design

- Hierarchical nesting of compositions of discrete and continuous components
- At each level of the hierarchy, a Model of Computation (MoC) governs the behaviors and interactions of components

Realization in Ptolemy II

Implementing a Design in Embedded Software

Question: How to guarantee safety of the embedded system?

Our Solution: at the level closest to the environment under control, the embedded software needs to be time-triggered for guaranteed safety; at higher levels, an asynchronous hybrid controller design is required.

Ongoing Work

Hardware-In-the-Loop (HIL) simulation for architecture evaluation is currently under construction. System consists of an embedded controller and an emulator for sensor/dynamics/actuator. Verified/Validated embedded controller will control an R-Max helicopter.

Candidate Real-life Applications (with Northrop-Grumman)

[Figure labels: Vector off, approach trajectory, waveoff trajectory, waveoff trajectory, To holding pattern, Lead, Wingman, Lead, Wingman]

Project Tasks/Schedule/Status

Demos done

- Multi-modal helicopter control model (hybrid system)
- Fault detection/isolation based on generalized reflection
- Blending controller (with Georgia Tech)
- Publish & subscribe using Jini and JavaSpaces
- Giotto helicopter control for Zurich helicopter
- Precise mode changes using TM domain
- Multi-modal distributed control (with Lego robots)

Fundamental contributions

- Framework theory
  - responsible frameworks
  - precise reactions/mode changes
  - managing heterogeneity
  - models of computation
- Timed multitasking model of computation
- Giotto time-triggered model of computation
- Multimodal control framework
- Controller synthesis for safety properties

Next Milestones

Future milestones

- Giotto helicopter control for Berkeley helicopters
- Hardware-in-the-loop simulation
- CORBA/OCP event channel interface to the TM domain
- OCP E Machine realization
- E Machine realizations running hard-real-time code
- FDIR in hybrid controllers for single/multiple vehicles
- Multi-vehicle formation flight

Anticipated fundamental contributions

- Just watch!

Technology Transition/Transfer

- Classic tech transfer strategy: Copyright
  - Retain intellectual property & leverage the profit motive
- Radical tech transfer strategy: Copyleft
  - Distribute freely & impose your ideology on others
- Berkeley tech transfer strategy: Copycenter
  - Take it to the copy center & copy as much as you like.
- Success of this model: Many companies have brought Berkeley research results into the marketplace.

Technology Transition/Transfer Near-Term Plans

- E Machine pilot implementations will show how to
  - Isolate designers from RTOS platforms
  - Get a coherent semantics in the run-time environment
- Giotto model of computation will show how to
  - Build hard-real-time, periodic, multimodal models
  - Specify real-time requirement (vs. infer real-time behavior)
- TM model of computation will show how to
  - Build priority-driven multitasking with precise mode changes
- Ptolemy II version 2.0 release will show how to
  - Get precise mode changes in a real-time multitasking context
  - Realize multi-modal multi-agent hybrid systems
  - Realize blending controllers
- Helicopter control models will show how to
  - Hierarchically build autonomous multi-vehicle control systems with hybrid control methods.
  - Work with Northrop-Grumman to transfer methods.

Program Issues Employing SEC Technology

- Homeland defense
  - softwalls
    - carry on-board 3-D database with “no-fly-zones”
    - enforce in the on-board avionics, based on localization
    - non-networked, non-hackable
    - hybrid, modal controller in embedded software
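
Added illustration (not code from the Berkeley project): a toy interpreter for the three E machine instructions named in the slides, call(d), schedule(t) and enable(g,b), run over constructed E code for one 5 ms task and one 10 ms task in the style of the Giotto slide. The instruction semantics, the toy scheduler, the periods, and every name used (EMachine, demo, sense, fast, slow, b0, b5) are simplifying assumptions.

```python
# Added illustration, not the project's E machine: instruction semantics
# below are simplified assumptions based on the slide text.
class EMachine:
    def __init__(self, drivers, tasks, blocks):
        self.drivers, self.tasks, self.blocks = drivers, tasks, blocks
        self.ports = {}     # values shared by drivers and tasks
        self.triggers = []  # armed clock triggers: (fire_time_ms, block)
        self.ready = []     # tasks released to the scheduler
        self.log = []       # (time_ms, instruction, first_argument) trace

    def run_block(self, now, name):
        for op, *args in self.blocks[name]:
            if op == "call":        # synchronous: driver runs inside the E code
                self.drivers[args[0]](self.ports)
            elif op == "schedule":  # scheduled: task is handed to the scheduler
                self.ready.append(args[0])
            elif op == "enable":    # triggering: run block args[1] after args[0] ms
                self.triggers.append((now + args[0], args[1]))
            else:
                raise ValueError(f"unknown E instruction: {op}")
            self.log.append((now, op, args[0]))

    def run(self, start_block, until_ms):
        self.run_block(0, start_block)
        while self.triggers:
            self.triggers.sort()
            when, block = self.triggers.pop(0)
            if when > until_ms:
                break
            # Toy scheduler (assumption): released tasks finish before the next tick.
            while self.ready:
                self.tasks[self.ready.pop(0)](self.ports)
            self.run_block(when, block)
        return self.log

def bump(key):
    def step(ports):
        ports[key] = ports.get(key, 0) + 1
    return step

def demo(until_ms=20):
    # Constructed E code: a 5 ms task ("fast") and a 10 ms task ("slow").
    blocks = {
        "b0": [("call", "sense"), ("schedule", "fast"), ("schedule", "slow"), ("enable", 5, "b5")],
        "b5": [("call", "sense"), ("schedule", "fast"), ("enable", 5, "b0")],
    }
    tasks = {"fast": bump("fast_runs"), "slow": bump("slow_runs")}
    m = EMachine({"sense": bump("samples")}, tasks, blocks)
    m.run("b0", until_ms)
    return m.ports, m.log
```

The E code alone fixes when each task is released, so the release times in the trace do not depend on how the toy scheduler orders the tasks between ticks.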