Model-Based Programming of
Intelligent Embedded Systems
Bill Gaes
CSc 299 Masters Seminar
Presentation and Discussion
5/20/2005
Based on:
Brian C. Williams et al.,
“Model-Based Programming of Intelligent Embedded Systems and Robotic Space
Explorers,”
Proceedings of the IEEE, vol. 91, no. 1, pp. 212-237, 2003.
Outline
Model-Based Programming
Overview
Advantages
Example
Motivation
Details
Discussion
5/20/2005
Model-Based Programming
2
Model-Based Programming
Program what you want the system to do
Develop models of what the system can do
Rely on executive to:
execute program
reason on-the-fly
track system state
diagnose faults
reconfigure system to achieve desired goals
Advantages of Model-Based Programming
Allow engineers to specify high-level control strategies
Encapsulation and separation of concerns
Model composed of components (e.g., engine, camera, etc.)
Program - object-oriented with multiple inheritance
Executive replaceable with a different implementation or one with added capabilities
Advantages of Model-Based Programming
Powerful Inference Engines
Reusability
Robustness
Verifiability
Example Embedded System: Spacecraft
Spacecraft with 2 redundant engines and a camera
Objective: insert spacecraft into orbit
Camera must be off
One of two engines must fire
Simple Spacecraft Model
(figure, engines: Initial State and Goal State panels, each showing EngineA and EngineB fed by Fuel and Oxidizer; valve labels: shut valve in the initial state, open valve in the goal state)
Simple Spacecraft Model
(figure, camera: Initial State panel shows the Science Camera On; Goal State panel shows the Science Camera Off)
Control Program Pseudocode
Orbital Insertion Control Program:
  Concurrently
    Place both Engines in standby
    Shut off Camera
  When Engines are in standby And the Camera is off
    then Fire EngineA
Reactive Embedded Systems
Requires concurrent and synchronous programming languages such as:
Esterel (~1992)
Statecharts (~1987)
Programming Complex Reactive Embedded Systems
Programming using traditional reactive languages is challenging, time-consuming, and error-prone.
(figure: Embedded Program and Physical Plant linked by control (Cntrl) and observation (Obs) signals)
Challenges of Programming Autonomous Systems
Programmers must reason through system-wide interactions to generate code for:
• monitoring
• safeing
• goal tracking
• standby
• fault recovery
• mode confirmation
• detecting anomalies
• isolating faults
• diagnosing causes
• adaptive control
• fault avoidance
• hardware reconfiguration
Esterel Program For a Robot to Follow a Line
module ROBOT:
  % Pure signals - indicate presence or absence of stimuli
  input LeftSensor, RightSensor;
  % Value signals - have arbitrary value of specified type
  output LeftWheelSpeed : float, RightWheelSpeed : float;
  loop
    await tick;
    [
      present LeftSensor else
        % Wheel controller - sets relative angular velocity,
        % a value in [-1, 1]; 1.0 is full speed forward.
        emit LeftWheelSpeed(1.0f)
      end present
    ||  % Explicit syntax for execute in parallel
      present RightSensor else
        emit RightWheelSpeed(1.0f)
      end present
    ||
      % Both sensors see line so attempt corrective action to get back on track
      present [LeftSensor and RightSensor] then
        abort
          % Continuously emit 2 signals sequentially, but at each tick,
          % so executed at same instant - emit returns immediately
          loop
            emit RightWheelSpeed(1.0f);
            emit LeftWheelSpeed(-0.5f)
          each tick
        when [not LeftSensor]
      end present
    ]
  end loop
end module
Mars Polar Lander Failure
Leading hypothesis for failure:
Landing legs deployed during descent.
Noise spike in Hall effect sensors latched by monitors.
Laser altimeter registered altitude of 40m.
At 40m leg monitors polled.
Monitors latched - engine shutdown at 40m.
Problem and a Solution
Problem
Failure space and interactions with hardware and software too large to enumerate
Solution
Provide reactive embedded languages that reason on the fly from commonsense models: Model-based Programming
Model-Based Architecture
(figure: a Control Program written in the Reactive Model-based Programming Language (RMPL) is executed by the "Titan" Model-based Executive, made up of a Control Sequencer and a Deductive Controller that share the Plant Model; the Control Sequencer passes Configuration goals to the Deductive Controller and receives State estimates; the Deductive Controller sends Commands to the Physical Plant and receives Observations)
Simple RMPL Control Program Procedure
TakePicture(target)::{
  do {
    Attitude = target,
    when Attitude = target donext {
      SnapStore();
      SnapStore();
    }
  } watching Picture = Stored
}
RMPL Control Program
Five design features
Parallel and sequential execution threads
Conditional execution
Iteration
Preemption
Defining feature: ability to reference “hidden” states of physical plant within assertions and conditions
RMPL Control Program
expression      --> assertion | combinator | prgm_invocation
combinator      --> A maintaining c | do A watching c |
                    if c thennext A | unless c thennext A |
                    A,B | A;B | always A
prgm_invocation --> program_name(arglist)
Key:
c denotes a constraint
A and B denote well-formed RMPL expressions
Note: Language provides additional derived combinators, created by combining primitive combinators
RMPL Control Program
OrbitInsert()::{
  do {
    EngineA = Standby,
    EngineB = Standby,
    Camera = Off,
    do {
      when EngineA = Standby ^ Camera = Off
        donext EngineA = Firing
    } watching EngineA = Failed,
    when EngineA = Failed ^ EngineB = Standby ^ Camera = Off
      donext EngineB = Firing
  } watching EngineA = Firing v EngineB = Firing
}
Key:
EngineA = Standby (and the other assignments) - assertion: an achieve constraint
when EngineA = Standby ^ Camera = Off - execution condition: an ask constraint
Model-Based Executive
Control Sequencer
Executes control program
Uses likely state estimate to generate configuration goals for Deductive Controller to achieve
(figure: Model-Based Executive - the Control Program and Plant Model feed the Control Sequencer and Deductive Controller; the Control Sequencer sends Configuration goals to the Deductive Controller and receives State estimates; the Deductive Controller sends Commands to the Physical Plant and receives Observations)
Plant Model - Concurrent Constraint Automata
Built from a set of component models
Each component is represented by
Set of component modes
Set of constraints defining behavior within each nominal mode
Set of probabilistic transitions between modes
Spacecraft Engine Component Model
(figure: component mode automaton for the engine; behavior within a mode is described by constraints on the plant variables thrust and power_in)
Component modes and their constraints:
  Off: (thrust = zero) AND (power_in = zero)
  Standby: (thrust = zero) AND (power_in = nominal)
  Firing: (thrust = full) AND (power_in = nominal)
  Failed: no constraint for engine’s behavior in failed mode (constraint suspension)
Commanded transitions: Off -> Standby on Cmd = stdby; Standby -> Off on Cmd = off; Standby -> Firing on Cmd = Fire; Firing -> Standby on Cmd = Stdby
Probabilistic uncommanded transition: each nominal mode -> Failed with probability 0.01
Note: All nominal transitions are P = 99%
Spacecraft Camera Component Model
(figure: component mode automaton for the camera)
Component modes and their constraints:
  Off: (power_in = zero) AND (shutter = closed)
  On: (power_in = nominal) AND (shutter = open)
  Failed (no constraint shown)
Commanded transitions: Off -> On on Cmd = Cam_on; On -> Off on Cmd = Cam_off
Probabilistic uncommanded transition: Off -> Failed and On -> Failed with probability 0.01
Note: All nominal transitions are P = 99%
Spacecraft Valve Driver and Valve Component Models
(figure: two mode automata joined by the interconnection constraint dcmdout = vcmdin)
Valve Driver Model (input dcmdin, output dcmdout):
  modes on, off, and a resettable failure; transitions labeled dcmdin = on, dcmdin = off, dcmdin = reset
Valve Model (input vcmdin):
  nominal modes open and closed; permanent failure modes stuck-open and stuck-closed
  transitions labeled driver = on, dcmdin = open (closed -> open) and driver = on, dcmdin = close (open -> closed)
Note: All nominal transitions are P = 99%
Failure transitions are P = 1% (not shown)
Model-Based Executive
(figure: Titan Model-based Executive - the Control Program and Plant Model feed the Control Sequencer, which exchanges Configuration goals and State estimates with the Deductive Controller; inside the Deductive Controller, Mode Estimation estimates the most likely transitions from Observations, and Mode Reconfiguration finds the least-cost reachable goal state and issues Commands to the Physical Plant)
Deductive Controller
(figure: Mode Estimation and Mode Reconfiguration alternating over the engine example)
Mode Estimation: deduces engines in standby
Mode Reconfiguration: selects valve configuration; plans actions to open six valves
Mode Estimation: deduces valve failed - stuck closed
Mode Reconfiguration: selects valves on backup engine needed to achieve thrust, and plans needed actions
Space of Possible State Trajectories for Plant Model
Trellis Diagram (figure): plant states S(0), S(1), ..., S(N-1), S(N), one per discrete time step, linked by transition sets T
S - plant state
• assigns value to each state variable, e.g., 3000
• consistent with all state constraints, e.g., 12,000
T - set of concurrent transitions
• one per automaton, e.g., 80
Examples from Plant Model for Deep Space One
Deductive Controller
Mode Estimation (ME)
Incrementally tracks sets of component mode transitions consistent with observations, initial state, and plant CCA
Number of transitions is nm, where n is the size of the domain of the mode variables and m is the number of mode variables
Deep Space One Probe (DS-1): nm = 380
Deductive Controller
Mode Estimation (ME)
Frame as Optimal Constraint Satisfaction Problem (OCSP)
Conflict-directed A*
Uses propositional logic to find conflicts
Conflicts used to prune implausible consistent transitions
Mode transitions reduced to less than a dozen from 380
Mode Estimation
(figure: estimated states Ŝ(0), Ŝ(1), ..., Ŝ(t-1), Ŝ(t); each candidate state s_i carries prob(s_i); the most likely state s_j is the one with the highest probability)
Tracks most likely states consistent with plant model, observations, and control actions
Deductive Controller
Mode Reconfiguration (MR)
Series of commands that progresses plant toward a maximum-reward state that achieves the configuration goal
Goal Interpreter: find goal state that achieves configuration goal while maximizing reward.
Reactive Planner: generates command sequence to move plant to goal state.
Mode Reconfiguration
(figure: from the estimated state Ŝ(t), commands step through Ŝ(t+1), ..., Ŝ(t+n-1), Ŝ(t+n), the maximum-reward goal state)
Given the goal and the most likely current state, find commands that transition through the plant state space toward the maximum-reward goal state that achieves the configuration goal
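The engine component model, the mode-estimation step and the mode-reconfiguration planner described above, as an added Python example (not code from the slides or from Williams et al.): the engine's modes, constraints and commanded transitions come from the engine slide; the belief-over-modes representation and the breadth-first planner (shortest command sequence with all nominal transitions treated as equal cost, standing in for the paper's reward-maximizing goal interpreter) are assumptions of this example.

```python
from collections import deque

# Added example (not code from the slides or from Williams et al.): the slide's
# spacecraft engine as a probabilistic constraint automaton, one mode-estimation
# step over it, and a breadth-first reactive planner for mode reconfiguration.
# Constraint on plant variables (thrust, power_in) per mode; Failed has none
# (constraint suspension), so it is consistent with any observation.
CONSTRAINTS = {"Off": ("zero", "zero"), "Standby": ("zero", "nominal"),
               "Firing": ("full", "nominal"), "Failed": None}
# Commanded nominal transitions from the slide, each taken with P = 0.99.
COMMANDED = {("Off", "stdby"): "Standby", ("Standby", "off"): "Off",
             ("Standby", "fire"): "Firing", ("Firing", "stdby"): "Standby"}
P_FAIL = 0.01  # uncommanded transition to Failed from every nominal mode

def predict(belief, cmd):
    """Propagate a belief {mode: prob} through the transition model."""
    nxt = {}
    for mode, p in belief.items():
        if mode == "Failed":  # permanent failure: stays Failed
            nxt["Failed"] = nxt.get("Failed", 0.0) + p
            continue
        target = COMMANDED.get((mode, cmd), mode)  # inapplicable cmd: stay
        nxt[target] = nxt.get(target, 0.0) + p * (1 - P_FAIL)
        nxt["Failed"] = nxt.get("Failed", 0.0) + p * P_FAIL
    return nxt

def estimate(belief, cmd, obs):
    """One ME step: predict, drop modes whose constraint contradicts the
    observed (thrust, power_in) pair, renormalise; return the new belief."""
    cand = {m: p for m, p in predict(belief, cmd).items()
            if CONSTRAINTS[m] is None or CONSTRAINTS[m] == obs}
    total = sum(cand.values())
    return {m: p / total for m, p in cand.items()}

def plan(mode, goal):
    """MR reactive planner: shortest command list over nominal transitions
    from `mode` to a mode whose constraint equals `goal`; None if unreachable."""
    queue, seen = deque([(mode, [])]), {mode}
    while queue:
        m, cmds = queue.popleft()
        if CONSTRAINTS[m] == goal:
            return cmds
        for (src, cmd), dst in COMMANDED.items():
            if src == m and dst not in seen:
                seen.add(dst)
                queue.append((dst, cmds + [cmd]))
    return None
```

Commanding `fire` from Standby and then observing thrust still at zero leaves Failed as the only consistent mode, which is the diagnosis the slides describe; `plan("Off", ("full", "nominal"))` yields the `stdby`, `fire` sequence the control sequencer would issue.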
Model-based Programming Real-world Uses
Deep-Space One - 2001
• Autonomous control of engine firing
MIT Sphere Spacecraft - 2004
• docking maneuvers with International Space Station
Simulation system for rapid prototyping
• autonomous Mars exploration testbed
Toyota
• Fault management and failure recovery for high-end vehicles
NASA Mars Technology Program
• Proposing incorporation into Mars 2009 Smart Lander
Johns Hopkins Applied Physics Lab
• Proposing applying to Messenger Mission to Mercury
Discussion
Does this paradigm appear to provide the claimed advantages?
What are potential limitations or pitfalls?
Based on its technical merit, is MB-P an advancement?
Does it have enough successes and interest to sustain itself?