Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fardin Abdi, Renato Mancuso, Stanley Bak, Or Dantsker, Marco Caccamo

Published byWarren Griffin Modified over 5 years ago

Similar presentations

Presentation on theme: "Fardin Abdi, Renato Mancuso, Stanley Bak, Or Dantsker, Marco Caccamo"— Presentation transcript:

1 Fardin Abdi, Renato Mancuso, Stanley Bak, Or Dantsker, Marco Caccamo
21st Conference on Emerging Technologies Factory Automation Reset-Based Recovery for Real-Time Cyber-Physical Systems with Temporal Safety Constraints Fardin Abdi, Renato Mancuso, Stanley Bak, Or Dantsker, Marco Caccamo

2 Safety Critical CPS

3 CPS Safety Constraints
Physical Limits Regulations MAX Altitude by FAA

4 Safety is Only Meaningful with Liveliness

5 Software Faults: Main Obstacle for Safety and Liveliness

6 Software Fault; A major challenge
Verification: Cost Correctness Upgrades Time/Cost 3rd party SW Specialized Knowledge Not always doable Testing: No Guarantees

7 Our approach: Tolerate Faults and Recover using Restarts

8 Recovery Using Restarts
Cyber-Physical Systems Traditional Computers First, most of the bugs in production quality software are Heisenbugs \cite{candea2001recursive} which are hard to reproduce or depend on the timing of external events, for example race condition. Restarting is very effective in recovering from this type of bugs. Second, restarting can claim all the stale resources, clean up all the corrupt state (e.x. memory leaks, dangling pointers, damaged heap) and take system back into a known well-tested state within a predictable amount of time

9 Two Type of Safety Constraints

10 System Constraints I: Linear Constraints:
Example: \left\{ \begin{array}{cc} p < 2 &\\ p/4 + t < 2.5 &\\ \end{array}\right. pressure Temperature

11 System Constraints II: Overrun Constraints:
Example: \text{Stress}(p) = \left\{ \begin{array}{cc} & p > 10\\ & p \leq 10\\ \end{array}\right. \int_{t}^{t+16} \text{Stress}(p(\tau))\cdot d\tau \leq 15 P=10 Power Time

12 Architecture WD timers: Restart the board if components fail
Sensors FS Switch Control Command Complex Controller Physical plant WD Timer MUX Safety Controller FS Enable RTR Module RESET PIN Rescue Unit Main Unit WD timers: Restart the board if components fail SC: Can always keep the system safe RTR: Predicts if the future states are safe CC: Not verified, can create unsafe commands FS switch: switch to SC during the restart Rescue Unit: Bare Metal, verified Main Unit: OS/Firmware Can fail

13 Fault Model Rescue Unit: Verified and no faults
RTR unit: Fail-stop failure model Complex Controller: Any type of fault

14 Safety Controller Design
Goals: To keep system within the Linear constraints To satisfy the overrun constraints To stay within the limits of actuators Strategy: To find a region where all the above are always satisfied To design a state feedback controller that keeps the system within that region

15 Finding a safe region for Overrun Constraints
Example: O = \{x | \text{Stress}(x) \leq \frac{C}{T^{win}}\} \forall t; \int_{t}^{t+{T^{win}}} \text{Stress}(x(\tau))\cdot d\tau \leq C

16 Safety Controller Design
Linear Constraints: Gamma: Intersection of all the Linear Inequalities. Overrun Constraints: Actuator Limits: a^T_m\cdot x \leq 1, m = 1, \dots, q,\\ c_{i,k}^T\cdot x \leq 1, k = 1, \dots, p_i, i = 1, \dots, p,\\ b^T_j\cdot u \leq 1, j=1,\dots,r Use an LMI solver, to find a linear state feedback controller and its Q matrix.

17 Under the control of SC, any point inside R, will remain inside R.
Stability Region Under the control of SC, any point inside R, will remain inside R. Gamma Stability Region, R

18 Switching Condition for Hard Constraints
\text{Reach}_{\leq T_{c}}(x, CC) \subseteq \mathcal{S} \text{Reach}_{\leq T_s}(\text{Reach}_{\leq T_{c}}(x, CC), SC) \subseteq \mathcal{S} \item$\text{Reach}_{= T_s }(\text{Reach}_{\leq T_{c}}(x, CC), SC) \subseteq \mathcal{R}

19 Switching Condition for Hard Constraints
Safe region, S Stability Region, R

20 Switching Conditions for Overrun Constraints
Due to design of Stability Region \int_{0}^{{T^{win}}} \text{\normalfont{Stress}}(x(\tau))\cdot d\tau \leq \alpha C

21 Switching Conditions for Overrun Constraints
We keep track of the past stress in an array. We predict future stress using reachability analysis. 𝑇 𝑤𝑖𝑛 = 14 𝑇 𝑐 10 3 5 4 7 9 11 1 16 2 6 8 15 Time Stored in array Future Predictions Interval of time Sum of stress in this interval of time Current Time

22 Evaluations

23 Restarting in Action

24 Flight Trace

25 Progress Analysis

26 Stability Region Size – Experiment 1
No Overrun constraints LMI-Simplex RTR, Our approach

27 Stability Region Size – Experiment 2
No Overrun constraints: LMI-Simplex RTR With Overrun constraints: Our approach

28 Thank You!

29 Support Slides

30 Introducing 𝜶 \Gamma = \{x| \\a^T_m\cdot x \leq 1, m = 1, \dots, q,\\ c_{i,k}^T\cdot x \leq 1, k = 1, \dots, p_i, i = 1, \dots, p,\\ b^T_j\cdot u \leq 1, j=1,\dots,r \}

31 If O was not Linear Finding a convex Region inside O:

32 How to predict stress using reachability.
MaxSumStress([ 𝑡 1 , 𝑡 2 ]): Return the maximum of integral of stress function in a given window [ 𝑡 1 , 𝑡 2 ] Power Time

Download ppt "Fardin Abdi, Renato Mancuso, Stanley Bak, Or Dantsker, Marco Caccamo"

Similar presentations

© Alan Burns and Andy Wellings, 2001 Real-Time Systems and Programming Languages n Buy Real-Time Systems: Ada 95, Real-Time Java and Real-Time POSIX by.

© Alan Burns and Andy Wellings, 2001 Real-Time Systems and Programming Languages n Buy Real-Time Systems: Ada 95, Real-Time Java and Real-Time POSIX by.
Avionics Panel Go For Luna Landing! Graham ONeil United Space Alliance March 2008.

Avionics Panel Go For Luna Landing! Graham ONeil United Space Alliance March 2008.
The System-Level Simplex Architecture Stanley Bak Olugbemiga Adekunle Deepti Kumar Chivukula Mu Sun Marco Caccamo Lui Sha.

The System-Level Simplex Architecture Stanley Bak Olugbemiga Adekunle Deepti Kumar Chivukula Mu Sun Marco Caccamo Lui Sha.
ECE 720T5 Fall 2011 Cyber-Physical Systems Rodolfo Pellizzoni.

ECE 720T5 Fall 2011 Cyber-Physical Systems Rodolfo Pellizzoni.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.
EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage: www.mwftr.com/CNE.html.

EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage:
1 SOFTWARE TESTING Przygotował: Marcin Lubawski. 2 Testing Process AnalyseDesignMaintainBuildTestInstal Software testing strategies Verification Validation.

1 SOFTWARE TESTING Przygotował: Marcin Lubawski. 2 Testing Process AnalyseDesignMaintainBuildTestInstal Software testing strategies Verification Validation.
Self-Stabilization in Distributed Systems Barath Raghavan Vikas Motwani Debashis Panigrahi.

Self-Stabilization in Distributed Systems Barath Raghavan Vikas Motwani Debashis Panigrahi.
ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.

ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.
Fardin Abdi, Brett Robins, Marco Caccamo University of Illinois at Urbana-Champaign Urbana-Champaign, USA {abditag2, robbins3, 1UIUC.

Fardin Abdi, Brett Robins, Marco Caccamo University of Illinois at Urbana-Champaign Urbana-Champaign, USA {abditag2, robbins3, 1UIUC.
Updating RT Embedded Software in the Field Lui Sha Real Time Systems Laboratory Department of CS, UIUC October, 2002.

Updating RT Embedded Software in the Field Lui Sha Real Time Systems Laboratory Department of CS, UIUC October, 2002.
1 ORTEGA: An Efficient and Flexible Online Fault Tolerance Architecture for Real-Time Control Systems Xue Liu, Qixin Wang, Sathish Gopalakrishnan, Wenbo.

1 ORTEGA: An Efficient and Flexible Online Fault Tolerance Architecture for Real-Time Control Systems Xue Liu, Qixin Wang, Sathish Gopalakrishnan, Wenbo.
REAL-TIME SOFTWARE SYSTEMS DEVELOPMENT Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.

REAL-TIME SOFTWARE SYSTEMS DEVELOPMENT Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.
Real-time systems. CS351 - Software Engineering (AY2004)2 Real-time systems Real-time (RT) Systems RT transaction Controlled Object Computer System Operator.

Real-time systems. CS351 - Software Engineering (AY2004)2 Real-time systems Real-time (RT) Systems RT transaction Controlled Object Computer System Operator.
Real-Time Systems and Programming Languages

Real-Time Systems and Programming Languages
Software Testing for Safety- Critical Applications Presented by: Ciro Espinosa & Daniel Llauger.

Software Testing for Safety- Critical Applications Presented by: Ciro Espinosa & Daniel Llauger.
©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.

©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.
Issues on Software Testing for Safety-Critical Real-Time Automation Systems Shahdat Hossain Troy Mockenhaupt.

Issues on Software Testing for Safety-Critical Real-Time Automation Systems Shahdat Hossain Troy Mockenhaupt.
Systems Engineering Approach to MPS Risk Management Kelly Mahoney Presented at the Workshop for Machine Protection in Linear Accelerators.

Systems Engineering Approach to MPS Risk Management Kelly Mahoney Presented at the Workshop for Machine Protection in Linear Accelerators.
EMBEDDED SOFTWARE Team victorious Team Victorious.

EMBEDDED SOFTWARE Team victorious Team Victorious.

Similar presentations

Ads by Google