016_Distributed Control Lab

8/6/2019 016_Distributed Control Lab

http://slidepdf.com/reader/full/016distributed-control-lab 1/48

Distributed Control Lab-

A component-based application

OverviewArchitecture

Experiments



Outline

Motivation

The Distributed Control Lab (DCL) Architecture

“Foucault's Pendulum Details” – Hardware / Software Architecture

– Control Algorithms

“Hau den Lukas”

– Hardware Architecture

– Control Software

Additional Experiments

Malicious Code Problem / Solutions



Motivation

Online access to physical experiments over theWeb

Test-bed for interconnected middleware-

components and embedded systems

Reach a predictable system behaviour in unstableenvironments

Study techniques to prevent malicious codedamaging physical equipment

Foucault's Pendulum demonstrates usage of dynamic reconfiguration for online replacement of user control



Distributed Control Lab

2001 project start at Hasso-Plattner-Institute

Practice of writing control algorithms for real-timecontrol problems

study of system predictability, availability and security incontext of middleware-based dynamic control systems

Extensible architecture for hosting physical controlexperiments

Investigation of algorithms for user code observationand replacement of control components

Experiment : physical installation and specific control

software



The Distributed Control Lab



Distributed Control Lab (V2)Architecture

Admin

Experiment

Manager

Ticket Service

Job Queue

R

R

SOAPFrontend

R

R

Result Manager

Job Results

Experiment

Controller

Tickets Users

DCL

Frontend

User

R

SOAP

Experiment

Controller

R

R

SOAP

R

Experiment Service

DISCOURSE

Users



ClientWeb-Browser

DCL Messaging Protocols

http/htmlASP.NET

Page

IIS ASP.NET

Web/Application

Server

DCL-

Web Service

IIS ASP.NET

Web/Application

Server

DCLExperiment-/

Resultmanager

.NET Remoting

Service

DCLExperiment-

Controller

.NET Remoting

Service

EmbeddedControl

Device

RT-Linux PC

Brick OS

...

DBMS

SOAP

.NET

RemotingODBC

.NET

Remoting

TCP/IP

IrDA



Problem : Malicous Code

Investigation of Solution for malicious code detection

– Source code analysis

– Experiment-specific languages / Language limitations

– .NET code access security

– Simulation before execution on physical experiment

– Analytic Redundancy

Online observation of user programs Replacement of user programs before reach of

uncontrollable state

Dynamic reconfiguration of component-based controlapplication

Monitoring of environmental settings and component states



Foucault’s Pendulum

First installation 1848 by Leon Foucault in the

Pantheon in Paris

Demonstrates earth rotation

Today many installation including one in UN-building in

New York

Problem : Pendulum must be kept swinging

Solution : electro magnet under an iron ball

Experiment: Find best control algorithm to keep the

pendulum swinging

– Using minimum energy – Reaching the highest amplitude



USB Host-

Controller

User-

Controller

Safety-

Controller

Event

Duplication

Operating System I/O

Check HalfFull Flag

Configuration

Manager

Binary Reader /

Filter, Smooth

Event Creation

Binary Writer

Binary Stream

Generation

User Mode

Kernel Mode

Cypress EZ-USB

Read

Write

64 Byte

I/O request packetLight Sensor

Electro Magnet

FIFO-Memory

4 KBytes

ReadFile() WriteFile()

Pendulum Control – detailed

• Laser light barriers sampled into

4KByte FIFO-memorys with 23,4

kHz

• USB-Controller checks half-full-Flag

• 64 Byte blocks of data transferred

via USB 1.1

• Real-Time OS-Threads process in-

coming signals / produce out-going

bit stream



Pendulum-API : Control Event

public class ControlEvent

{

public int nr ; // sensor or actuator identifier

public int state; // actuator 1 ON - 0 OFF// light barrier

// 1 light -> dark

// 0 dark -> light

public long timestamp; // global time stamp

}



Pendulum-API : Interface

public interface Pendulum

{

// Dequeue next event

// Blocks if no event present until next event occurs

public ControlEvent GetNext();

// Queue next event to put energy on / off

public bool SendEvent(ControlEvent input);

// Get global time stamp 1 micro seconds logical resolution

public long GetTime();

}



Pendulum: Example Control Code

while(true)

{

// get next event

ControlEvent ev = pendel.GetNext();

if(ev.state == 1) // pendulum enters light barrier

{

// switch magnet on

pendel.SendEvent(new ControlEvent(ev.timestamp+1000,0,1));

// switch it off after 5 ms


}

}



Pendulum Control ProcessGeneration

while(true){

// get next event



{

// switch magnet on


// switch it off after 5/23 seconds


}

}

send to DCL while(true)

{

// get next event



{

// switch magnet on


// switch it off after 5/23 secondspendel.SendEvent(new ControlEvent(ev.timestamp+6000,0,0));

}

}

Public Class UserControl

{

Public Static void Main(String[] args)

{

}

}

Configuration Code

Control Code

generate user control class

user control code

compile

control



Pendulum : Increase of amplitude

1. Get current oscillation time Toz ( time for a fulloscillation )

2. Get current time the ball is covers the lightbarrier Ts ( indicates speed )

3. If ball enters light barrier :1. Queue Enable Magnet Event at Tcurrent+Toz/4

2. Queue Disable Mag. Event at :Tcurrent + Toz/2 + Ts/2 – Tmf

1. Tmf – duration of magnetic field shut down

4. Repeat steps 1-4



Code Access Security-CAS in .NET

Supplements operating system security mechanisms

Trust to assemblies vary depending of origin and

publisher

Based on evidences of assemblies

– Application directory

– Strong name

– URL – Signature

Permissions restrict access to system resources

DCL: Configuration of usable class library classes



Code Access Permissions

Represent access to a protected resource or

the ability to perform a protected operation

Environment Variables

File Dialog

File I/O

Isolated Storage File

Reflection Registry

Security

User Interface

DNS

Printing

Event Log

Socket Access

Web Access

Performance Counter Directory Services

Message Queue

Service Controller

SQL Client



Evidence Based Security

Assembly evidence is matched against codegroups to gain permission

Code group consist of – Membership condition

– Set of code access permissions

Security policies contain code groups that map

assemblies to permissions Policies in .Net : Enterprise, Machine, User,

Application Domain

Policy Evaluation: top-down



.NET Security in the PendulumExperiment

Code group in machine policy applies only to

usercode.exe assembly

– Custom Permission Set assign to the code group

No permissions, except: – Execution permission

– Access to driver component via .NET Remoting

Localhost, one specified socket, one URI

– File I/O in the local directory

Security exception if any restriction is violated

– Check required permissions before code execution

– .NET Attributes



Pendulum ExperimentDynamic Properties

Code Access Security provides safe environment for

execution of foreign code

There are still dynamic properties at the experiment

that can not be handled by CAS – Expiration of available execution time (fairness)

– Expiration of available energy

– Overheating of the coil

– the pendulum falls below a critical amplitude (energy) - so it

could not be kept swinging

– Unexpected termination of user programs

– Exaggerated use of memory



Our Approach : Dynamic Reconfiguration

as safe-guard mechanism

Mapping of profiles to application configurations basedon environmental conditions and component states

Selection of application configuration according to

conditions provides best service for a given situation Definition of

– observer : monitoring of environmental settings and componentstates

– profiles : mapping of environmental conditions to application

configurations

– configurations of component-based applications

Online monitoring of environment and components

Change of application configuration using dynamicreconfiguration if required (changed conditions)



Configuration Creator Tool



Pendulum ExperimentControl Configurations

USB-Driver

Event Queuing

Safety

Controller

User

Program

Event

Duplicator

User

Program

Configuration 1 : safety controller

Configuration 2 : user program (cold standby)

Configuration 3 : user program (warm standby)

USB

Safety

Controller

Safety

Controller



Measurements:Abnormal Termination of User Program



„Higher Striker“ – „Hau den Lukas“

Similar hardware to pendulum experiment – Parallel I/O / 38 kHz sample rate / 256 Byte buffer

Use of Real Time OS – Smaller Buffers, Higher Sampling Frequency

– Short control delay

– COTS x86 PC

Intel Celeron 633 MHz, 128 MB RAM (max 64 MB usable) 10 Mbit/s LAN (NE 2000 PCI)

Combination of non-RT .Net and RTapplication

CE-PC Windows Ce.Net 4.2



“Higher Striker” - Architecture

A/D Transformation

FIFO-Memory

Optical Signal Gen.

CE-PC

Plattform

Builder/

Debug Host

.Net DCL

Controller

PC

OS Image

DebuggingParallel Port I/O

Download

COMPILED

User Control

Algorithms

User Code

light

barriers

Switch

Power

DCL



„Higher Striker“Minimal Program

INITIALIZE;

do

{

READ();

WRITE(buffer);

GETSTATUS()if(EMPTY_FLAG_LS) Sleep(1);

}

while(!EOF(buffer))



Controlling the Experiment

Abstract from Direct Hardware Programming

Provide Higher Level API to the experiment

2 possible control scenarios : – Calculation before runtime, analysis of result after

experiment execution for next run

– Calculation of control signals during runtime – hard

deadlines

Investigation of various operating systems

.Net Compact Framework and real time



„Higher Striker“ - Event List - API

Definition before runtime

Transformation into byte stream before runtime Simple checks possible (temperature of magnet)

Generation of event list after runtime for analysis for next experiment runs

Not flexible – but simple to implement

0;1;

10;0;

20;2;

25;0;

50;4;80;0;

1111111111000000000

0222220000000000000

0000000000000000888

8888888888888888888

8888880000000000000



Higher Striker Control API

int HDLInitialize ( );

int HDLInitialize ( unsigned char Writeahead,

unsigned char Initial[]);

int HDLStartClock( );

int HDLStopClock( );

int HDLPerform( unsigned char * Write,

unsigned char * Read );

int HDLGetStatus();

int HDLGetError( int * LSError, int * MSError );



Higher Striker – Watch Dog

Init Active Stopsignal

not signaled for 5 reboots

if not signaled for 5 sec reboot

70 sec

power on

power off

Hardware Watchdog connected / signaled via serialcommunication interface of control PC

In case of system hang-up control PC will be rebooted

Atmel AVR 8-Bit Tiny 12 microcontroller



Higher Striker Simulation

Used Buffer (0-255 Byte)

Cylinder Speed

Height

Video

Animation



DCL - Grid Integration

Heterogeneous

– X86,Itanium, PowerPC

– Windows 2000/XP, Linux,

Mac OS X DRMAA – Job

Submission and Control

for Clusters and Grids

GLOBUS

IDLE-Time

– Condor

– Sun Grid Engine, Condor

Grid

Grid

- Increased Throughput

- Increased Response Time

Povray

Simulation



Fischertechnik Production Line

Control via Fischertechnik Intelligent Interface

– Serial communication interface, 9600 Bits/sec

– 4+4 Digital Outputs, 8+8 Digital Inputs, 2 Analog

Inputs

– Installation:

4 Intelligent Interfaces

Pneumatic Actuators 1 robot arm

( 2 free degrees )



Controlling Fischertechnik usingBeckhoff Industrial-PCs and the DCL

D

C

L

.NET

Controller IIF

ADS.NET Visual Studio Plug-In

TwinCat PLC-Control



Märklin Railway

Märklin Digital Model Railway

Control via serial interface 9600 Bit/sec

S-88 Bus and controller Configurable train speed

Feedback via rail sensors

About 20 switches

Controlled by x86 PC

Currently running W2K



Running .NET on devices

Why ?

– Rapid software development for embedded devices

– Object-oriented programming model, type safety

– Many available tools, know-how, many experts – Code access security for remote lab experiments

How ? Possibilities:

– PC-based execution – Communication to device for I/O

– Native execution of translated IL-Code

– Interpretation of stripped IL-Code on the device

– Running .NET on more powerful embedded

devices to control small embedded devices



CLI2RCX- .NET runtime for Lego Mindstorm

Our gcc (Gnu Compiler Collection) frontend supports the full

ECMA-335 standard and can parse any conformant .NETassembly.

Port for Renesas/Hitachi H8-300 microcontroller underway

– Extremely small footprint (32 KB memory)

– Variable and method definitions, method calls, integer ops up and

running

ildasm.Net

AssemblyC#

VB .Net

C++ .Net

RCX

binary

(srec -

format)

target

binaries

GCC

CIL

Front EndRTL

Hitachi

H8-300

Back End

Backends

mnemonic

CIL

Assembly

Hitachi

H8300

Backend



Mirco.NET - .NET Interpreter for Lego Mindstorm

• Application assemblies merged and striped (metadata, portable executable header, references)

• Application merged to one „micro“ assembly and

transferred to device embedded device

• Interpreter reads “micro” executions according

instructions using a separate runtime

Micro

IL

Assembly

Application

AssemblyDependencies

Base Class

Library

DependenciesDependency

Micro

IL

Assembly

Runtime

Interpreter

Operating

System

Hardware

Embeddded Device Host

strip

mergedownload



CLI2RCX- .NET – Current State

Version 1.0 release implements the following

features of the .NET platform:

– primitive datatypes: bool, byte, short, int

– classes, including instance attributes and properties.

– static and instance methods, including parameters,

local variables, and constructors.

– arithmethic operations

– control flow operations: conditional and

unconditional branch instructions.



CLI2RCX- .NET – Current State

The following features are not yet supported (as aremost features not mentioned in either list): – most value types (enums, structs, delegates, floats, doubles)

– strings

– single-dimensional zero-based arrays (partially complete)

– multi-dimensional or non-zero-based arrays

– Inheritance, polymorphism, and late binding

– interfaces

– exceptions

– static class attributes, class constructors, events

– boxing and unboxing

– arithmetic instructions that detect overflows

– any predefined class except for System.Object



Related Work

“Verbund Virtuelles Labor” project at University

Reutlingen / Germany

iLab project (WebLab) at MIT

Virtual Lab at University of Hagen /Germany

Tele-Laboratory at University of Pisa

Tele-Lab / Simplex architecture “Ein ferngesteuertes Labor im Internet”

www.remote-lab.de

016_Distributed Control Lab

Documents

Transcript of 016_Distributed Control Lab