Robust Hybrid and Embedded Systems Design Jerry Ding, Gabe Hoffmann, Haomiao Huang, Vijay Pradeep,...
-
Upload
franklin-genn -
Category
Documents
-
view
218 -
download
0
Transcript of Robust Hybrid and Embedded Systems Design Jerry Ding, Gabe Hoffmann, Haomiao Huang, Vijay Pradeep,...
Robust Hybrid and Embedded Systems Design
Jerry Ding, Gabe Hoffmann, Haomiao Huang,
Vijay Pradeep, Jonathan Sprinkle, Steven Waslander,
Edward Lee, Shankar Sastry, Claire Tomlin
MURI Review Meeting
Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems
Berkeley, CA
September 6, 2007
2
Outline
Requirements specification
Function modeling and simulation
SW/HW architecture modeling and simulation
Systems design
Code generation and verification
Allocation and scheduling analysis
Our MURI…. “Top down meets bottom up”
Verification methods and tools at each layer
Automatic generation of verified code Automatic generation of test suites for each
layer Tools and testbeds for low level software
analysis
In this talk: Reachable sets for verifying hybrid control
protocols Quadrotor testbed: control and software
architecture
3 3
δ
ΔW
Target Set for Refueling
1
3
4
25
6
7
humanoperated
boom
humanpilot
δ = Long. Tolerance for Catching Boom
ΔW = Lat. Tolerance for Catching Boom
Reachable sets for verifying control protocols: aerial refueling example
Boeing
4
Stationary 7
Stationary 1
Stationary 2
Stationary 3Stationary 4
(Fueling)
Stationary 5
Stationary 6
Formation Transition Language
MoveBack
12,uxfx
stuxfx ,
stuxfx ,
Break Away
{x∈G12}
MoveLeft 23,uxfx
Precapture
{x∈G23}
stuxfx ,
MoveForward
34,uxfx Capture
{x∈G34}
stuxfx ,
MoveBack
45,uxfx
Postcapture or
Fuel Wave Off
stuxfx ,
MoveRight
56,uxfx
Break Away
{x∈G56}
{x∈G45} stuxfx ,
stuxfx ,
MoveForward
67,uxfx
Rejoin
{x∈G67}
Gij = Target Set of Manuever from Stationary i to Stationary j
Fallback 2 56,uxfx
Fallback 1 67,uxfx
Fallback 3 45,uxfx
Fallback 4 23,uxfx
Fallback 5 12,uxfx
FB
FB
FB
FB
FB
FB
FB = Fall back command
5controllable flare envelope
controllable TOGA envelopeintersection
Reachable sets for Formation Transition
Generate state-based reachable sets which can be used to verify that taking a certain action is or is not safe
Flare vs. TOGA maneuver:Vehicles/personnel are
prevented from transitioningin unsafe situations
Intersection calculations areextremely fast (milliseconds)
6
Reachable Sets for Individual Transitions
Targets are small sets of states around the way points
Reachable Set for PrecaptureTime Horizon: 10s
http://www.cs.ubc.ca/~mitchell/ToolboxLS/index.html
7
Simulation of Capture Sets
Complete refuel sequence with capture sets for all maneuvers User input specifies transitions between waypoints Capture sets can be used to minimize allotted time for each
maneuver In event of waveoff, UAV
attempts to go back to previous waypoint
Capture set gives information about whether UAV can return to previous waypoint within a given time horizon
8
Unsafe Sets for Individual Transitions During any formation transition, need to prevent UAV from entering
into collision with tanker Unsafe set is set of states that can reach an unsafe zone within a
given time horizon
Unsafe Set for CaptureTime Horizon: 5s
• Unsafe zone is set of locations within a certain radius of the tanker
• Provides information on which maneuver should be executed to prevent collision
9
Simulation of Multiple Reachable Sets UAV starts in unsafe zone for capture Want to reach capture zone without any collisions
Yellow: Unsafe Capture
Magenta: Unsafe Left Turn
Green: Capture Reachable Set
Red: Unsafe Move Forward
Capture Zone
Desired Trajectory
10
Simulation of Multiple Reachable Sets
Visualization of unsafe sets together with capture sets allows for construction of a sequence of safe maneuvers to enter capture zone
11
Synthesizing MATLAB scripts
After attaching semantics to the Formation Transition Language, we will be able to synthesize the MATLAB scripts, based on generalizations of the prototypes which we’ve built by hand. Then, “fallback” states can change, based on the model built, not the static code.
12
Another example: Analysis of Traffic Alert and Collision Avoidance System (TCAS)
NASA
13
Outline
Requirements specification
Function modeling and simulation
SW/HW architecture modeling and simulation
Systems design
Code generation and verification
Allocation and scheduling analysis
Our MURI…. “Top down meets bottom up”
Verification methods and tools at each layer
Automatic generation of verified code Automatic generation of test suites for each
layer Tools and testbeds for low level software
analysis
In this talk: Reachable sets for verifying hybrid control
protocols Quadrotor testbed: control and software
architecture
14
Quadrotor testbed: control and software architecture
Autonomous UAVs Onboard computation & sensors State and environment estimation Attitude, altitude, position and
trajectory control 4 flightworthy vehicles More are being made
Testbed goals Quadrotor UAV design Cooperative multi-agent control Mobile sensor networks
Stanford Testbed of Autonomous Rotorcraft for Multi-Agent Control (STARMAC)
15
STARMAC history
16
STARMAC Electronics System
WiFi802.11b
≤ 5 Mbps
ESC & MotorsPhoenix-25, Axi 2208/26
IMU3DMG-X1
76 or 100 Hz
RangerSRF08
13 Hz Altitude
GPSSuperstar II
10 Hz
I2C400 kbps
PPM100 Hz
UART19.2 kbps
RobostixAtmega128
Low level control
UART115 kbps
CF100 Mbps
Stereo CamVidere STOC
30 fps 320x240
Firewire480 Mbps
UART115 Kbps
LIDARURG-04LX
10 Hz ranges
RangerMini-AE
10-50 Hz Altitude
BeaconTracker/DTS
1 Hz
WiFi802.11g+
≤ 54 Mbps
USB 2480 Mbps
RS232115 kbps
Timing/Analog
Analog
RS232
UART
Stargate 1.0Intel PXA255
64MB RAM, 400MHz
Supervisor, GPS
PC/104Pentium M
1GB RAM, 1.8GHz
Est. & control
17
STARMAC Network
WifiNetgear
Rangemax 802.11g+
≤ 54 Mbps
GroundGPS
Superstar II
Control Laptop
ComputerPentium Core Duo
1 GB RAM, 2.16 GHz
Running Labview and ssh sessions
RS23219.2 kbps
Ethernet100 Mbps
18
STARMAC Quadrotor Helicopter
BatteryLithium Polymer
BrushlessDC MotorsAxi 2208/26
Sonic RangerSRF08
Inertial MeasurementUnit (IMU)3DMG-X1
High LevelControl Processor
Stargate SBCor PC/104
Low Level Control Processor
Robostix
GPSSuperstar II
Electronic Speed
ControllerPhoenix 25
Plastic Tube Straps
Carbon Fiber Tubing
Fiberglass Honeycomb
LIDARHokuyo
URG-04LX
Stereo VisionVidere Systems
Small Vision System
19
Quadrotor Helicopter Actuation
Yaw Torque
Roll/Pitch Torque Total Thrust
Two pairs of counter rotating blades provide torque balance
Angular accelerations and vertical acceleration are controlled by varying the propeller speeds.
20
COMMCLASS
GUI & Storage
Sensor Processing
Controller
Planner
Real TimeController
GPS
LIDAR
ROBO
GND
Estimator
GPSCalc
StateEstimator
GPS comm
Lidar comm
GND comm
Flyers Flyer comm
GUI (10 Hz)
Logging
EnviroLIDAR
Robo comm
signalserialUDP
Interfaces
Fcn call
all
all
any
STARMAC Code Architecture
21
Information Seeking Target Localization
Other Testbed Applications
Decentralized Collision Avoidance
22
Multi-Vehicle Flight
24
backups
25
Decision Authority LanguageThe decision
authority language can be specified as a series of handshakes between the UAV and the human operators
26
Simulation of Latencies and Waveoff1. Regular run, without faults
Green: TankerRed: UAV
MATLAB simulation environment
Plots trajectories of tanker and UAV
Updated in real-time at 1 second intervals
Allows fault injection by user
UAV executes fallback immediately upon fault
27
Simulation of Latencies and Waveoff
Separate waveoff for tanker and ground operators
Latencies simulated as delay between waveoff and UAV confirm
Fallback executed only when UAV confirms
Latencies currently hard coded
2. Tanker waveoff during “precapture”
Green: TankerRed: UAV
28
Simple Illustration of Reachable Sets
It has been shown (Mitchell, et al. 2005) that the reachable set is the solution to the Hamilton-Jacobi PDE:
• The level set function Φ(x,t) defines implicitly the boundary of the reachable set at time t
• In general, the solution is difficult to obtain analytically• A numerical toolbox for MATLAB is available to
approximate the solution (Mitchell 2002-2007)
http://www.cs.ubc.ca/~mitchell/ToolboxLS/index.html
)()0,(,0, 0 xxx
xHt
),(min, uxfppxH T
Uu
29
Simulation of Capture Sets
In event of waveoff, UAV attempts to go back to previous waypoint
Capture sets gives information about whether UAV can return to previous waypoint within a given time horizon
30
Dynamics
Not analogous to a pendulum
Equations of motionlargely decoupled
* ignoring blade flapping effects
31
Low Level Control
Algorithm
Initialize hardwareLoop Wait for termination of IMU data collection Retrieve A/D measurements Retrieve ultrasonic measurement, reinitiate Compute control inputs for each motor Set motor control inputs in PWM hardware Initialize transmission of statusEnd
Event Driven Real-time execution based on
Known transmission / receipt rates Measurement of code chunk execution times
32
Low Level Control “Threads”
Main (76 Hz) Interface for all threads Computes control inputs Controls hardware
• PWM Control• I2C Communication (initiate ultrasonic measurements, retrieve results)• A/D Conversion• Digital I/O
Stargate Receive (10 Hz) Parses control packets
IMU Receive (76 Hz) Parses IMU data Computes checksum (using ring buffers)
Stargate Send (76 Hz) Buffered transmission of low level control status
IMU Send (irregular) Buffered transmission of data requests (only needed to initiate continuous data)
33
Timeline
IMU RX
SG RX
SG TX
IMU TX
Main
(this is an asynchronous event)
Timing is based on IMU measurements Main requires additional timing considerations for
A/D I2C
Control bytes from SG RX are used as they arrive
34
Inputs to Atmega128
IMU (3DMGX1) Packet 0x31 UART serial communication Continuous at 76 Hz (or 100 Hz), after initialized Header byte, 11 data fields with 16 bit entries, 16 bit checksum
Ranger (SRF08) I2C serial communication Polled at 13 Hz Range return values, no checksum
Stargate or PC104 UART serial communication Continuous at 10 Hz TSIP (Trimble standard interface protocol) command packets
• ID byte• 4 command bytes
35
Atmega128 Outputs
IMU (3DMGX1) UART serial communication Initialize continuous data with 1 command
Ranger (SRF08) I2C serial communication Poll at 13 Hz Command to initiate measurement
Stargate or PC104 UART serial communication Send at 76 Hz (timed by IMU) TSIP (Trimble standard interface protocol) status packets
• ID byte• ~30 data bytes
36
Functionality to Develop
Heart beat / Watchdog functionality Real time guarantees Interrupt driven I2C, A/D Ultrasonic timing measurement