Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley.

Integrated Design and Analysis Tools for Software-Based Control Systems

Shankar Sastry (PI)

Tom Henzinger

Edward Lee

University of California, Berkeley

2

1. Model building and checking for hybrid systems

2. Embedded code generation from hybrid models

3. Multi-modal, hierarchical, and multi-vehicle control

4. Probabilistic hybrid systems and fault tolerance

5. Experimental rotorcraft platforms

Research Thrusts

3

1. From Hybrid Systems Models to Embedded Code

1a. Simulink to Giotto to E code

1b. Ptolemy to Embedded Java

2. Multi-vehicle Cooperative Control

Focus of Presentation/Demos

4

Model

Requirements

Platform

Verification

Implementation

5

Model

Requirements

Platform

Verification

Implementation

automatic (model checking)

automatic (compilation)

6

Model

Requirements

Platform

Verification

Implementation property preserving

7

Component

Requirements

Platform

Verification

Implementation

Component

8

Component

Requirements

Platform

Verification

Implementation

Composition

Component

no change

no change

9

A new paradigm to achieve Verifiability and Compositionality: The FLET (Fixed Logical Execution Time) Assumption

Software Task

read sensor input at time t

write actuator output at time t+d, for fixed d

10

Software Task

read sensor input at time t

write actuator output at time t+d, for fixed d

d>0 is the task's "logical execution time"

A new paradigm to achieve Verifiability and Compositionality: The FLET (Fixed Logical Execution Time) Assumption

11

High-Confidence, Compositional Embedded Programming

The control engineer specifies sampling rate d and permissible jitter j to solve the control problem at hand.

The compiler ensures that d and j are met on a given platform (hardware resources and performance). If the compiler succeeds, then the code is time safe; otherwise the program is rejected.

No "priority tweaking"!

12

time t time t+d

possible physical execution on CPU

buffer output

A new paradigm to achieve Verifiability and Compositionality: The FLET (Fixed Logical Execution Time) Assumption

13

output as soon as ready

Contrast the FLET to Standard Practice

14

-predictable timing and data behavior (no race conditions, minimal jitter)

-portable, composable code (as long as the platform offers sufficient performance)

Advantages of the FLET

15

The E(mbedded) Machine:

a virtual machine that executes tasks in real time under the FLET assumption. E (machine) code can be checked for time safetry.

Giotto:

a structured, high-level language for control applications which is compiled into E code.

Implementations of the FLET

UC Berkeley (Henzinger, Horowitz, Kirsch, Majumdar, Matic, Sanvido).

16

UC Berkeley (Horowitz, Liebman, Ma, Koo, Sangiovanni-Vincentelli, Sastry).

A Giotto-Based Flight Control System

17

200 Hz400 Hz

200 Hz 1 kHz

A Giotto-Based Flight Control System

18

1. Concurrent periodic tasks:

-sensing -control law computation -actuating

2. Multiple modes of operation:

-navigational modes (autopilot, manual, etc.) -maneuver modes (taxi, takeoff, cruise, etc.) -degraded modes (sensor, actuator, CPU failures)

A Giotto-Based Flight Control System

19

Mode 1

Mode 4

Mode 3

Mode 2

Task S 400 Hz

Task C 200 Hz

Task A 1 kHz

Task S 400 Hz

Task C 200 Hz

Task A’ 1 kHz

Task C’ 100 Hz

Task A 1 kHz

Task S 400 Hz

Task C 200 Hz

Task A 2 kHz

Task A” 1 kHz

Condition 1.2

Condition 2.1

A Giotto-Based Flight Control System

20

Host code e.g. C

Glue code Giotto

Functionality. -Reactivity.

-Concurrency.

Timing and interaction.-No time.

-Sequential.

A Giotto-Based Flight Control System

21

The Giotto Tool Chain

Simulink Model

Giotto Program for task timing and interaction

C Functions for tasks

E Code Platform Code

Platform (minimal OS + hardware)

E Machineinvokes

S/G Translator

Giotto Compiler

RTW Embedded Coder

C Compiler

S/G Simulator

performance information

guaranteed conformance

(UC Berkeley, U Salzburg)

22

Demo Tomorrow: The Giotto Development Kit

The Giotto Development Kit

1. Giotto Compiler2. Integrated Editor3. E-code Viewer4. E-code Simulator5. Current work:

-E-code analysis for time safety

-E-code optimization

UC Berkeley (Kirsch, Sanvido).

23

Demo Tomorrow: Giotto-Based Embedded Control Examples

An elevator controller: A controller for the Caltech vehicles:

Embedded Java Generation from Ptolemy Models

Steve Neuendorffer

Edward Lee

Case Study: Caltech Vehicles

25

Caltech Vehicles

Wireless 802.11b Network Datagram with vehicle locations

Controller

RS-232 commands to fans

26

A Hierarchical Heterogenous Model

Measured physical parametersDiscrete-event model convenient for events that do not occur at the same time

27

A Hierarchical Heterogenous Model

Data formatting

Fan thrust map

Continuous-time model good for physical hardware dynamics

28

A Hierarchical Heterogenous Model

Synchronous dataflow model convenient for signal processing and discrete-time aspects

29

Stepwise Refinement of Simulation towards Implementation

802.11b

RS-232

30

Hardware-in-the-Loop

802.11b

RS-232

Replace hardware-true simulation model with actual vehicle.

Allows validation of hardware model aspects.

31

Code Generation

802.11b

RS-232

Replace controller simulation with embedded controller.

Embedded Java Platform

32

Directions

Giotto code generation from Ptolemy Verify Giotto programs against hybrid automaton

models Implement Softwalls algorithm on Caltech vehicles

Dynamics similar to 2D aircraft dynamics, but safe for experimentation