Presentation is loading. Please wait.

Presentation is loading. Please wait.

Title 11/5/2000 eSimplex Architecture Using MaCS Insup Lee Oleg Sokolsky Moonjoo Kim Anirban Majumdar Sampath Kannan Mahesh Viswanathan Insik Shin and.

Published byJohn Hopkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Title 11/5/2000 eSimplex Architecture Using MaCS Insup Lee Oleg Sokolsky Moonjoo Kim Anirban Majumdar Sampath Kannan Mahesh Viswanathan Insik Shin and."— Presentation transcript:

1 title 11/5/2000 eSimplex Architecture Using MaCS Insup Lee Oleg Sokolsky Moonjoo Kim Anirban Majumdar Sampath Kannan Mahesh Viswanathan Insik Shin and many others…

2 title 11/5/2000 Run-time Formal Analysis Run-time formal analysis ensures the run-time compliance of an execution of a system with its formal requirement. The analysis validates properties on the current execution of application. The analysis can –detect incorrect execution of applications –predict error and steer computation –collect statistics of actual execution

3 title 11/5/2000 System Spec System Spec Requirement Spec Requirement Spec Formal verification Design System Implementation System Implementation Monitoring Data Monitoring Data Implementation Event Recognizer + Checker Event Recognizer + Checker System Filter Communication Run-time Check MaCS Methodology

4 title 11/5/2000 MaCS Asynchronous Control Cycle Identify safe spots in the implementation to apply steering Detect violations as they occur and initiate steering Execute steering actions when it is safe System Checker monitor detect ! invoke execute

5 title 11/5/2000 MaCS Synchronous Control Cycle In critical situations, asynchronous cycle may not be suffient Check for violations before critical updates Pause the system until the checker confirms Steer if violation occurs System Checker monitor detect ! invoke compute update compute update compute execute update

6 title 11/5/2000 MaCS languages Run-time state: control locations object state local variables Abstract state: events conditions auxiliary variables MEDL PEDL SADL

7 title 11/5/2000 Property checking A MEDL specification can be seen as an automaton with auxiliary store running on a stream of events provided by the event recognizer aux. variables

8 title 11/5/2000 Data extraction and event detection PEDL script –describes monitored objects in the program, statically identifying them in the code –defines events in terms of monitored objects Technical challenge: –all updates to the monitored objects must be detected

9 title 11/5/2000 Steering (asynchronous) SADL script –defines steering actions –identifies locations in the code where the actions can be executed steering condition i satisfied execution Invocation flags Action bodies 0in 0 i n test call Checker invoke

10 title 11/5/2000 MaCS toolset Program (Java byte code) Monitoring Script (PEDL) Requirements (MEDL) PEDLCompiler MEDLCompiler Instrumented Code Filter Generator (JTREK) Instrumentation Information Compiled PEDL Compiled MEDL Event Recognizer Checker Steering Script (SADL) SADLCompiler Instrumentation Information Injector class (Java byte code)

11 title 11/5/2000 Simplex architecture Simplex (Simple and Complex) architecture allows the insertion of control software on the fly while maintaining system reliability. It is not possible to test new control software completely. Developed by Lui Sha, et al. (University of Illinois)

12 title 11/5/2000 Overview of Simplex Architecture Safety Baseline Experimental Decision Module Physical System usus ubub ueue xu SC BC EX x0x0 Equilibrium state

13 title 11/5/2000 Inverted Pendulum Hard constraints: State vector: The control problem is solved using LMI and LQR and the linearized dynamics of the system. The stability region is given by Soft constraints: A performance index, e.g., Relative stability in time domain or frequency domain Bandwidth m l  x g M ufuf

14 title 11/5/2000 IP eSimplex implementation Device Drivers angle, track volts Decision Module Experimental Controller Switching logic Safety Controller

15 title 11/5/2000 eSimplex in MaCS Goal: –Provide a prototyping framework for control engineers –Separate control design from software engineering Approach: –A system is an extensible collection of controllers –Monitor switching conditions –Implement controller switches using steering

16 title 11/5/2000 eSimplex in MaCS Device Drivers angle, track volts Decision Module Experimental Controller Switching logic Safety Controller JNIJNI JNI monitor steer

17 title 11/5/2000 Java implementation of eSimplex Controller interface: public interface Controller { public float sendCommand(double angle, double track, double period); } Decision module: static SafetyController SC = new SafetyController(); static ExternalController EC = new EC1(); static Controller ctr; public void setSC() { ctr = SC; } public void setEC() { ctr = EC; } public int control(long frequency) { angle = nativeGetAngle(); track = nativeGetTrack(); volts = ctr.sendCommand(angle,track,frequency/1000.0); nativeSendCommand (volts); }

18 title 11/5/2000 Monitoring: IP.pedl MonScr IP export event ev_track_pos,ev_current_angle, ev_volts, startPgm; monobj int DecisionModule.period; monobj float DecisionModule.track; monobj float DecisionModule.angle; monobj float DecisionModule.volts; event startPgm = update(DecisionModule.period); event ev_current_angle = update(DecisionModule.angle); event ev_track_pos = update(DecisionModule.track); event ev_volts=update(DecisionModule.volts); end

19 title 11/5/2000 Checking: IP.medl Detecting violations ev_current_angle -> { theta' = value(ev_current_angle,0)/52.29578; thetadot' = (theta' - theta) / 0.040; } ev_track_pos-> { x' = value(ev_track_pos,0)/ 100; xdot' = (x' - x) / 0.040; } condition abnormal = (track_pos' > 40 || track_pos' = 4 ; event invokeSafeController = start(abnormal) when (controller == 1); event invokeExternalController = start(nTimer'%500 == 0) when (controller == 0); invokeSafeController -> { invoke change2SC(); controller = 0; } invokeExternalController -> { invoke change2EC(); controller = 1; }

20 title 11/5/2000 Checking: IP.medl Safety envelope computation event calcSafeVal = ev_volts when (controller == 1); calcSafeVal -> { volts'= value(ev_volts,0); xa_0' = x + 0.00051281 * theta + 0.017961 * xdot + 0.0000026781*thetadot + 0.0003618 * volts'; xa_1' = -1.0056 * theta + 0.0046419 * xdot - 0.020029 * thetadot – 0.00082708 * volts'; xa_2' = 0.049519 * theta + 0.80322 * xdot + 0.00043546 * thetadot + 0.034913 * volts'; xa_3' = -0.55967* theta + 0.44824*xdot - 1.0048*thetadot - 0.079879 * volts'; temp_0' = 37.62 *xa_0' + 58.22 * xa_1' + 17.87 *xa_2' + 11.61 *xa_3' ; temp_1' = 58.22 *xa_0' + 313.16 * xa_1' + 69.36 *xa_2' + 56.09 *xa_3' ; temp_2' = 17.87 *xa_0' + 69.36 * xa_1' + 29.81*xa_2' + 14.81*xa_3' ; temp_3' = 11.61 *xa_0' + 56.09 * xa_1' + 14.81 * xa_2' + 12.04*xa_3' ; safeVal' = xa_0'*temp_0' + xa_1'*temp_1' + xa_2'*temp_2' + xa_3'*temp_3'; }

21 title 11/5/2000 Steering: IP.sadl steering script IP steered objects DecisionModule IP:dm; float DecisionModule:volts; steering action change2EC= { call (IP:dm).setEC(); } before read DecisionModule:volts; steering action change2SC= { call (IP:dm).setSC(); } before read DecisionModule:volts; end

22 title 11/5/2000 Demonstration Checker detects violations when the experimental controller is running –Switches to safe controller when a violation is detected –After fixed time switches back to the experimental controller A terribly bad experimental controller –Sends constant output to the motor regardless of the situation

23 title 11/5/2000 Experimental results MaCS can successfully detect safety violations in eSimplex and force switching to the safety controller Keeps the pendulum upright even if the experimental controller fails completely Turnaround time for the detection/steering cycle is significantly smaller than the eSimplex control cycle –synchronous steering is possible

24 title 11/5/2000 Future directions Implement synchronous steering –Extend SADL to have both synchronous and asynchronous actions –Modify instrumentation to pause the program Note that steering is now tied to specific updates Coordination with PEDL may be needed MaCS on real-time Java Distributed MaCS

Download ppt "Title 11/5/2000 eSimplex Architecture Using MaCS Insup Lee Oleg Sokolsky Moonjoo Kim Anirban Majumdar Sampath Kannan Mahesh Viswanathan Insik Shin and."

Similar presentations

MaC Monitoring and Checking at Runtime (Continue) Presented By Usa Sammapun CIS 700 Oct 12, 2005.

MaC Monitoring and Checking at Runtime (Continue) Presented By Usa Sammapun CIS 700 Oct 12, 2005.
Executional Architecture

Executional Architecture
A Survey of Runtime Verification Jonathan Amir 2004.

A Survey of Runtime Verification Jonathan Amir 2004.
The System-Level Simplex Architecture Stanley Bak Olugbemiga Adekunle Deepti Kumar Chivukula Mu Sun Marco Caccamo Lui Sha.

The System-Level Simplex Architecture Stanley Bak Olugbemiga Adekunle Deepti Kumar Chivukula Mu Sun Marco Caccamo Lui Sha.
ECE 720T5 Fall 2011 Cyber-Physical Systems Rodolfo Pellizzoni.

ECE 720T5 Fall 2011 Cyber-Physical Systems Rodolfo Pellizzoni.
Dynamic Typing COS 441 Princeton University Fall 2004.

Dynamic Typing COS 441 Princeton University Fall 2004.
ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.

ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.
/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.

/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.
Generative Programming for a Component-based Framework of Distributed Embedded Software Systems Xu Ke, Krzysztof Sierszecki Mads Clausen Institute for.

Generative Programming for a Component-based Framework of Distributed Embedded Software Systems Xu Ke, Krzysztof Sierszecki Mads Clausen Institute for.
Component Interaction in Distributed Systems Nat Pryce Imperial College

Component Interaction in Distributed Systems Nat Pryce Imperial College
MaC Monitoring and Checking at Runtime Presented By Usa Sammapun CIS 700 Oct 10, 2005.

MaC Monitoring and Checking at Runtime Presented By Usa Sammapun CIS 700 Oct 10, 2005.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
CS 290C: Formal Models for Web Software Lecture 10: Language Based Modeling and Analysis of Navigation Errors Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 10: Language Based Modeling and Analysis of Navigation Errors Instructor: Tevfik Bultan.
Behavioral Design Outline –Design Specification –Behavioral Design –Behavioral Specification –Hardware Description Languages –Behavioral Simulation –Behavioral.

Behavioral Design Outline –Design Specification –Behavioral Design –Behavioral Specification –Hardware Description Languages –Behavioral Simulation –Behavioral.
ECE 667 - Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.

ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.
SDRL and GRASP University of Pennsylvania 6/27/00 MoBIES 1 Design, Implementation, and Validation of Embedded Software (DIVES) Contract No. F33615-00-C-1707.

SDRL and GRASP University of Pennsylvania 6/27/00 MoBIES 1 Design, Implementation, and Validation of Embedded Software (DIVES) Contract No. F C-1707.
On Effective Testing of Health Care Simulation Software Christian Murphy, M.S. Raunak, Andrew King, Sanjian Chen, Christopher Imbriano, Gail Kaiser, Insup.

On Effective Testing of Health Care Simulation Software Christian Murphy, M.S. Raunak, Andrew King, Sanjian Chen, Christopher Imbriano, Gail Kaiser, Insup.
Program Checking Sampath Kannan University of Pennsylvania.

Program Checking Sampath Kannan University of Pennsylvania.
A Type System for Expressive Security Policies David Walker Cornell University.

A Type System for Expressive Security Policies David Walker Cornell University.
February 21, 2008 Center for Hybrid and Embedded Software Systems Mapping A Timed Functional Specification to a Precision.

February 21, 2008 Center for Hybrid and Embedded Software Systems Mapping A Timed Functional Specification to a Precision.

Similar presentations

Ads by Google