

  • Number of slides: 21

Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems - Project Overview
Janos Sztipanovits, ISIS-Vanderbilt University
MURI Year 3 Review Meeting: Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems
UC Berkeley, CA, December 2, 2009

Team
• Vanderbilt: Sztipanovits (PI), Karsai, Kottenstette, Neema; Porter, Hemingway, Nile
• UC Berkeley: Tomlin (PI), Lee, Sastry, Ding; Gillula, Gonzales, Huang, Leung, Lickly, Mahdl, Latronico, Shelton, Tripakis, Vitus
• CMU: Krogh (PI), Clarke, Platzer; Jain, Lerda, Bhave, Maka
• Stanford: Boyd (PI); Wang

Objectives
• Development of a theory of deep composition of hybrid control systems with attributes of computational and communication platforms
• Development of foundations for model-based software design for high-confidence, networked embedded systems applications
• Composable tool architecture that enables tool reusability in domain-specific tool chains
• Experimental research
Long-Term PAYOFF: Decrease the V&V cost of distributed embedded control systems

Agenda
9:00 – 9:05 am: Introductions
9:05 – 9:15 am: Project Overview (Janos Sztipanovits)
9:15 – 10:00 am: Overview of Hybrid Control Design Challenges and Solutions (Claire Tomlin and Shankar Sastry)
10:00 – 10:45 am: Model-Integrated Tool Chain for High Confidence Design (Gabor Karsai, Joe Porter, Graham Hemingway and Janos Sztipanovits)
10:45 – 11:00 am: Break
11:00 – 11:45 am: Correctly Composing Components: Ontologies and Modal Behaviors (Edward Lee)
11:45 – 12:45 pm: Model-based Testing and Verification (Edmund Clarke, Bruce Krogh, Andre Platzer)
12:45 – 1:45 pm: Lunch
1:45 – 2:15 pm: Performance Bounds and Suboptimal Policies for Linear Stochastic Control (Yang Wang and Stephen Boyd)
2:15 – 2:45 pm: Constructive Non-linear Control Design With Applications to Quad-Rotor and Fixed-Wing Aircraft (Nicholas Kottenstette)
2:45 – 3:30 pm: Starmac Experimental Platform Demo (Claire Tomlin and Shankar Sastry)
3:30 – 3:45 pm: Plans for Year 4&5 (Janos Sztipanovits)
3:45 – 4:00 pm: Break
4:00 – 4:30 pm: Government Caucus
4:30 – 4:45 pm: Feedback to the Research Team

Overall Undertaking
Figure labels (model-based design flow): Plant Models and Requirements, Controller Modeling, SW Architecture Modeling, System-Level Modeling, Deployment Modeling, Code, Model-Based Design; annotated Expensive, Intractable, Fragile.
Scope of the Project:
• Development of component technologies in selected areas
• Development of model-based design methods
• Incrementally building and refining a tool chain for an experimental domain (micro UAV control)
• Demonstration of control software development with the tool chain
• Experiments

Composition Inside Abstraction Layers
Physical design (Plant Dynamics Models, Controller Models). Dynamics:
• Properties: stability, safety, performance
• Abstractions: continuous time, functions, signals, flows, …
Assumption: Effects of digital implementation can be neglected
Software design (Software Architecture Models, Software Component Code). Software:
• Properties: deadlock, invariants, security, …
• Abstractions: logical-time, concurrency, atomicity, ideal communication, …
Assumption: Effects of platform properties can be neglected
System/Platform design (System Architecture Models, Resource Management Models). Systems:
• Properties: timing, power, security, fault tolerance
• Abstractions: discrete-time, delays, resources, scheduling, …

Composition Inside Abstraction Layers
Physical design (Plant Dynamics Models, Controller Models): Controller dynamics is developed without considering implementation uncertainties (e.g. word length, clock accuracy), optimizing performance.
Assumption (marked X on the slide): Effects of digital implementation can be neglected
Software design (Software Architecture Models, Software Component Code): Software architecture models are developed without explicitly considering system platform characteristics, even though key behavioral properties depend on them.
Assumption (marked X on the slide): Effects of platform properties can be neglected
System/Platform design (System Architecture Models, Resource Management Models): Platform architecture defines platform configuration, resource management, networking, … Uncertainties introduce time-variant delays that may require re-verification of key properties on all levels.
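The re-verification point above, shown with an added example that is not from the presentation or from any of the project's tools: a first-order plant and a feedback gain are designed in continuous time under the physical-layer assumption that the digital implementation can be neglected, then run through a zero-order-hold discretization in which the platform applies the control input zero, one or two sample periods late. A simulation-based check of the property the controller design relied on (bounded state that settles to zero) still passes with a one-sample delay but fails with a two-sample delay, which is exactly the case where the property would have to be re-verified at the platform level. The plant parameters, sampling period, gain, delay values and the pass criteria are all constructed assumptions of this example; the check observes a finite trajectory and is not a formal proof.

```python
import math

# Constructed example plant (an assumption of this example, not from the
# slides): open-loop unstable first-order system x' = a*x + b*u, driven
# through a zero-order hold with sampling period T (seconds).
A_CONT, B_CONT, PERIOD = 1.0, 1.0, 0.2
# Continuous-time design u = -GAIN*x places the closed-loop pole at
# a - b*GAIN = -3, i.e. stable if the implementation were ideal.
GAIN = 4.0


def zoh_discretize(a, b, period):
    """Exact zero-order-hold discretization of x' = a x + b u.

    Returns (ad, bd) such that x[n+1] = ad*x[n] + bd*u[n]."""
    ad = math.exp(a * period)
    bd = b / a * (ad - 1.0)
    return ad, bd


def simulate(delay, steps=300, x0=1.0, a=A_CONT, b=B_CONT,
             period=PERIOD, gain=GAIN):
    """Run the closed loop on the discretized plant, where the actuator
    applies the control value computed `delay` samples ago. `delay` is an
    int, or a function of the step index so that time-variant platform
    delays can be modelled. Returns the state trajectory x[0..steps]."""
    ad, bd = zoh_discretize(a, b, period)
    xs = [x0]
    for n in range(steps):
        d = delay(n) if callable(delay) else delay
        # The controller sees a stale state sample; before any sample has
        # been produced the actuator outputs zero.
        x_stale = xs[n - d] if n - d >= 0 else 0.0
        u = -gain * x_stale
        xs.append(ad * xs[n] + bd * u)
    return xs


def check_stability(traj, bound=10.0, tol=1e-3, tail=20):
    """Simulation-based check of the property the physical-layer design
    assumed: |x| never exceeds `bound` and has settled below `tol` for
    the last `tail` samples. Returns (verdict, peak_abs)."""
    peak = max(abs(x) for x in traj)
    settled = all(abs(x) <= tol for x in traj[-tail:])
    return (peak <= bound and settled), peak


if __name__ == "__main__":
    cases = [
        ("nominal, no delay", 0),
        ("1-sample delay", 1),
        ("2-sample delay", 2),
        ("time-variant 1/2-sample delay", lambda n: 1 + n % 2),
    ]
    for label, d in cases:
        ok, peak = check_stability(simulate(d))
        verdict = "holds" if ok else "VIOLATED, re-verify"
        print(f"{label:32s} property {verdict:22s} peak |x| = {peak:.3g}")
```

The continuous-time design is stable for every delay only in the idealized model; the same gain on the same plant with a two-sample platform latency has a characteristic root outside the unit circle, so a property certified at the physical layer does not survive the platform layer unchanged.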

Improve Robustness of Controllers Against Implementation Uncertainties
Figure labels (design flow): Plant Models and Requirements, Controller Design, Function (Controller) Modeling, SW Architecture Modeling, System-Level Modeling, Deployment Modeling, Code, Model-Based Design
How should we increase robustness in controller design?
– Robust hybrid and embedded systems design (Tomlin, Sastry)
– Performance bounds for constrained linear stochastic control (Boyd, Wang)
– Constructive nonlinear control design (Kottenstette, Porter)

Verification and Testing
Figure labels (design flow): Plant Models and Requirements, Function (Controller) Modeling, SW Architecture Modeling, System-Level Modeling, Deployment Modeling, Code, Model-Based Design, V&V
How can we exploit heterogeneous abstractions in verification and test generation?
– Model-based testing and verification of embedded systems implementations (Clarke, Platzer)
– Statistical Probabilistic Model Checking (Zuliani, Clarke)

Model-based code generation (2008)
Figure labels (design flow): Plant Models and Requirements, Function (Controller) Modeling, SW Architecture Modeling, System-Level Modeling, Deployment Modeling, Model-Based Design, From Models To Code, Code
How to design high-confidence software and systems?
– Model-based code generation with partial evaluation (Zhou, Leung, Lee)
– Model-based code generation with graph transformation (Karsai)
(Last year's results; they are built into the tools.)

Progress towards integrated model-based design flow
Figure labels (meta-model-based design flow): Plant Models and Requirements, Function (Controller) Modeling, SW Architecture Modeling, System-Level Modeling, Deployment Modeling, Code, Meta-Model-Based Design; tools and meta-models: AIRES, ESML, AIF, PRISM, PRISM Meta-Model, ECSL-DP Meta-Model, CFG Meta-Model
How can we integrate model-based design flows?
– Correctly composing components (Lee)
– Model-integrated tool chain for high confidence design (Karsai, Porter, Hemingway, DeBusk and Sztipanovits)
– StarMac experimental platform (Tomlin, Sastry)

Starmac Experimental Platform
Quadrotor aircraft developed by co-PI Claire Tomlin. Requires integration of legacy and custom components.

Experimental Set Up
• A mobile sensor network:
– A set of vehicles, each with a set of sensors for its own navigation and control, as well as for sensing its environment (such as target range or bearing)
– Computation is distributed, and limited to the processors on board the vehicles (no central computer)
– Communication between subsets of vehicles (limited by range or geography) available
– Collision avoidance needed between vehicles
– Humans share control with automation
• Focus on algorithms for autonomous search:
– Unexploded ordnance detection
– Beacon tracking scenarios
– RFID tracking
– Survey of disaster areas
– Search and rescue
– Biological studies, animal monitoring

Accomplishment Highlights 1/2
• New results in hybrid control system design using reachable set analysis. Methodology for computing reachable sets using quantized inputs over discrete time steps has been developed and implemented for an aircraft collision avoidance example. (Tomlin, Sastry)
• Use of reachable set analysis in complex control law design. (Tomlin)
• We have extended our approach for integrated software model checking in the loop to the case of nonlinear dynamic plant models using the concept of bisimulation functions for nonlinear systems. (Krogh) (not presented at the review)
• New algorithm for the formal verification of curved flight collision avoidance. (Clarke, Platzer)
• New algorithm and method for statistical probabilistic model checking and its application to Simulink/Stateflow models. (Clarke, Zuliani)
• Extension of passivity based approach for controller design to fixed-wing aircraft. (Kottenstette)

Accomplishment Highlights 2/2
• New results in introducing ontology information using Hindley-Milner type theories in modeling environments. (Lee)
• New results in handling time in hierarchical models. (Lee)
• Integrated tool chain for model-based generation of embedded flight controller on distributed computing platform. Guaranteed stability against implementation induced timing uncertainties and verified schedulability on time-triggered platform.
• Demonstration of roundtrip engineering between physical and implementation layers: physical models are used for code generation and implementation models are used for updating physical models.
• Demonstration of practical use of reachable set analysis in acrobatic maneuver design and multi-vehicle collision avoidance for the STARMAC quadrotor helicopter testbed.

Collaboration
• The team members work together extensively in many areas in this project and outside of the project
• Many examples of joint work among research teams
• Forms of collaboration:
– Bi-weekly/monthly telecons
– Researcher and graduate student visits
– Free flow of ideas, methods and tools

Transitioning
• The Ptolemy II source tree is now available via CVS. The team actively works on transitioning research results to the following companies:
– Lockheed Martin
– National Instruments
• Vanderbilt's MIC tool suite (GME, GReAT, UDM, OTIF) had a major release in 2009. GME now supports large scale model management and concurrent modeling. The releases are available through the ISIS download site.
• Vanderbilt continued working with GM, Raytheon, LM and BAE Systems research groups on transitioning model-based design technologies into programs.
• Vanderbilt continued working with Boeing's FCS program on applying the MIC tools for precise architecture modeling and systems integration.
• Active collaboration with TTTech, University of Vienna.
• Collaboration started with VERIMAG on integrating BIP in the tool chain.
• UC Berkeley's reachable set tools are transitioned to the following institutions:
– Microsoft Research
– NASA Ames

Plans for Years 4&5
• Networked Control System Design
– Distributed control/multi agent systems
– Dynamic state estimation and mode switching
– Robustness against network effects
– More realistic channel models
– Managing effects from network layer
• Verification and Testing
– Generation of formal representations from models
– Order reduction using hybrid bisimulation
– Compositional specification of heterogeneous components
• Tools
– Integrated, heterogeneous tool chains
– Complete path from virtual prototyping to physical implementation
– Additional design aspects: fault management, bridge to security
• Experiments
– Extension of scope and complexity

Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems
Figure labels: Control Design, Implementation Design, Modeling Languages, Model Transformation, Model Translators, Model-based Code Generators, Analysis tools, Platforms. The figure also shows a fragment of Java session-handling code, which breaks off mid-comment:
if (inactiveInterval != -1) {
    int thisInterval = (int)(System.currentTimeMillis() - lastAccessed) / 1000;
    if (thisInterval > inactiveInterval) {
        invalidate();
        ServerSessionManager ssm = ServerSessionManager.getManager();
        ssm.removeSession(this);
    }
}
}
private long lastAccessedTime = creationTime;
/**
 * Return the last time the client sent a
APPROACH/TECHNICAL CHALLENGES
• Guaranteed behavior of distributed control software using the following approaches: (1) extension of robust controller design to selected implementation error categories; (2) providing a "certificate of correctness" for the controller implementation; (3) development of a semantic foundation for tool chain composition; (4) introducing safe computation models that provide behavior guarantees
ACCOMPLISHMENTS/RESULTS
• See Presentations
Long-Term PAYOFF: Decrease the V&V cost of distributed embedded control systems
OBJECTIVES
• Development of a theory of deep composition of hybrid control systems with attributes of computational and communication platforms
• Development of foundations for model-based software design for high-confidence, networked embedded systems applications
• Composable tool architecture that enables tool reusability in domain-specific tool chains
• Experimental research
FUNDING ($K), show all funding contributing to this project: rows AFOSR Funds and Option; columns FY 06, FY 07, FY 08, FY 09, FY 10, FY 11; values as extracted, row assignment not recoverable: 479, 986, 989, 547, 465, 995, 529
TRANSITIONS
• Strong link to industry: Boeing, BAE Systems, Raytheon, GM, MathWorks, National Instruments, TTTech
• Industry affiliate programs: CHESS, ESCHER, GMLab
STUDENTS, POST-DOCS
• 9 graduate students (MURI) + student groups from other projects
LABORATORY POINT OF CONTACT
Dr William M. McEneaney, AFRL/AFOSR; Dr Fariba Fahroo, AFRL/AFOSR; Dr. David B. Homan, Civ AFRL/RBCC, WPAFB, OH

Starmac Platform
Figure labels (platform block diagram):
• LIDAR: URG-04LX, 10 Hz ranges, RS232, 115 kbps
• Stereo Cam: Videre STOC, 30 fps, 320 x 240, Firewire 480 Mbps
• PC/104: Pentium M, 1 GB RAM, 1.8 GHz; Est. & control
• GPS: Superstar II, 10 Hz, RS232 UART, 19.2 kbps
• IMU: 3DM-GX1, 76 or 100 Hz, UART, 115 kbps
• Ranger: SRF08, 13 Hz altitude, I2C, 400 kbps
• Ranger: Mini-AE, 10-50 Hz altitude; 480 Mbps
• WiFi 802.11g+, ≤ 54 Mbps; WiFi 802.11b, ≤ 5 Mbps; CF 100 Mbps
• Stargate 1.0: Intel PXA255, 64 MB RAM, 400 MHz; Supervisor, GPS; UART
• Robostix: Atmega128; Low level control; PPM 100 Hz; Analog
• Beacon: Timing/Analog; Tracker/DTS: USB 2, 1 Hz
• ESC & Motors: Phoenix-25, Axi 2208/26
Annotations: Start with controller; Expand to supervisor; Finally to host

Platform Extensions
• Gumstix
• TTTech
– MPC555 micros
– TTP/C comm
– TTTech software tools
– Fault-tolerance
• Soekris
– Linux w/ 3x Ethernet
– TT Virtual Machine on standard UDP and Linux
– No fault tolerance (yet)