robust hybrid and embedded systems design
DESCRIPTION
Robust Hybrid and Embedded Systems Design. Jerry Ding, Gabe Hoffmann, Haomiao Huang, Vijay Pradeep, Jonathan Sprinkle, Steven Waslander, Edward Lee, Shankar Sastry, Claire Tomlin. MURI Review Meeting - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/1.jpg)
Robust Hybrid and Embedded Systems Design
Jerry Ding, Gabe Hoffmann, Haomiao Huang,
Vijay Pradeep, Jonathan Sprinkle, Steven Waslander,
Edward Lee, Shankar Sastry, Claire Tomlin
MURI Review Meeting
Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems
Berkeley, CA
September 6, 2007
![Page 2: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/2.jpg)
2
Outline
Requirements specification
Function modeling and simulation
SW/HW architecture modeling and simulation
Systems design
Code generation and verification
Allocation and scheduling analysis
Our MURI…. “Top down meets bottom up”
Verification methods and tools at each layer
Automatic generation of verified code Automatic generation of test suites for each
layer Tools and testbeds for low level software
analysis
In this talk: Reachable sets for verifying hybrid control
protocols Quadrotor testbed: control and software
architecture
![Page 3: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/3.jpg)
3 3
δ
ΔW
Target Set for Refueling
1
3
4
25
6
7
humanoperated
boom
humanpilot
δ = Long. Tolerance for Catching Boom
ΔW = Lat. Tolerance for Catching Boom
Reachable sets for verifying control protocols: aerial refueling example
Boeing
![Page 4: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/4.jpg)
4
Stationary 7
Stationary 1
Stationary 2
Stationary 3Stationary 4
(Fueling)
Stationary 5
Stationary 6
Formation Transition Language
MoveBack
12,uxfx
stuxfx ,
stuxfx ,
Break Away
{x∈G12}
MoveLeft 23,uxfx
Precapture
{x∈G23}
stuxfx ,
MoveForward
34,uxfx Capture
{x∈G34}
stuxfx ,
MoveBack
45,uxfx
Postcapture or
Fuel Wave Off
stuxfx ,
MoveRight
56,uxfx
Break Away
{x∈G56}
{x∈G45} stuxfx ,
stuxfx ,
MoveForward
67,uxfx
Rejoin
{x∈G67}
Gij = Target Set of Manuever from Stationary i to Stationary j
Fallback 2 56,uxfx
Fallback 1 67,uxfx
Fallback 3 45,uxfx
Fallback 4 23,uxfx
Fallback 5 12,uxfx
FB
FB
FB
FB
FB
FB
FB = Fall back command
![Page 5: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/5.jpg)
5controllable flare envelope
controllable TOGA envelopeintersection
Reachable sets for Formation Transition
Generate state-based reachable sets which can be used to verify that taking a certain action is or is not safe
Flare vs. TOGA maneuver:Vehicles/personnel are
prevented from transitioningin unsafe situations
Intersection calculations areextremely fast (milliseconds)
![Page 6: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/6.jpg)
6
Reachable Sets for Individual Transitions
Targets are small sets of states around the way points
Reachable Set for PrecaptureTime Horizon: 10s
http://www.cs.ubc.ca/~mitchell/ToolboxLS/index.html
![Page 7: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/7.jpg)
7
Simulation of Capture Sets
Complete refuel sequence with capture sets for all maneuvers User input specifies transitions between waypoints Capture sets can be used to minimize allotted time for each
maneuver In event of waveoff, UAV
attempts to go back to previous waypoint
Capture set gives information about whether UAV can return to previous waypoint within a given time horizon
![Page 8: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/8.jpg)
8
Unsafe Sets for Individual Transitions During any formation transition, need to prevent UAV from entering
into collision with tanker Unsafe set is set of states that can reach an unsafe zone within a
given time horizon
Unsafe Set for CaptureTime Horizon: 5s
• Unsafe zone is set of locations within a certain radius of the tanker
• Provides information on which maneuver should be executed to prevent collision
![Page 9: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/9.jpg)
9
Simulation of Multiple Reachable Sets UAV starts in unsafe zone for capture Want to reach capture zone without any collisions
Yellow: Unsafe Capture
Magenta: Unsafe Left Turn
Green: Capture Reachable Set
Red: Unsafe Move Forward
Capture Zone
Desired Trajectory
![Page 10: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/10.jpg)
10
Simulation of Multiple Reachable Sets
Visualization of unsafe sets together with capture sets allows for construction of a sequence of safe maneuvers to enter capture zone
![Page 11: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/11.jpg)
11
Synthesizing MATLAB scripts
After attaching semantics to the Formation Transition Language, we will be able to synthesize the MATLAB scripts, based on generalizations of the prototypes which we’ve built by hand. Then, “fallback” states can change, based on the model built, not the static code.
![Page 12: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/12.jpg)
12
Another example: Analysis of Traffic Alert and Collision Avoidance System (TCAS)
NASA
![Page 13: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/13.jpg)
13
Outline
Requirements specification
Function modeling and simulation
SW/HW architecture modeling and simulation
Systems design
Code generation and verification
Allocation and scheduling analysis
Our MURI…. “Top down meets bottom up”
Verification methods and tools at each layer
Automatic generation of verified code Automatic generation of test suites for each
layer Tools and testbeds for low level software
analysis
In this talk: Reachable sets for verifying hybrid control
protocols Quadrotor testbed: control and software
architecture
![Page 14: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/14.jpg)
14
Quadrotor testbed: control and software architecture
Autonomous UAVs Onboard computation & sensors State and environment estimation Attitude, altitude, position and
trajectory control 4 flightworthy vehicles More are being made
Testbed goals Quadrotor UAV design Cooperative multi-agent control Mobile sensor networks
Stanford Testbed of Autonomous Rotorcraft for Multi-Agent Control (STARMAC)
![Page 15: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/15.jpg)
15
STARMAC history
![Page 16: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/16.jpg)
16
STARMAC Electronics System
WiFi802.11b
≤ 5 Mbps
ESC & MotorsPhoenix-25, Axi 2208/26
IMU3DMG-X1
76 or 100 Hz
RangerSRF08
13 Hz Altitude
GPSSuperstar II
10 Hz
I2C400 kbps
PPM100 Hz
UART19.2 kbps
RobostixAtmega128
Low level control
UART115 kbps
CF100 Mbps
Stereo CamVidere STOC
30 fps 320x240
Firewire480 Mbps
UART115 Kbps
LIDARURG-04LX
10 Hz ranges
RangerMini-AE
10-50 Hz Altitude
BeaconTracker/DTS
1 Hz
WiFi802.11g+
≤ 54 Mbps
USB 2480 Mbps
RS232115 kbps
Timing/Analog
Analog
RS232
UART
Stargate 1.0Intel PXA255
64MB RAM, 400MHz
Supervisor, GPS
PC/104Pentium M
1GB RAM, 1.8GHz
Est. & control
![Page 17: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/17.jpg)
17
STARMAC Network
WifiNetgear
Rangemax 802.11g+
≤ 54 Mbps
GroundGPS
Superstar II
Control Laptop
ComputerPentium Core Duo
1 GB RAM, 2.16 GHz
Running Labview and ssh sessions
RS23219.2 kbps
Ethernet100 Mbps
![Page 18: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/18.jpg)
18
STARMAC Quadrotor Helicopter
BatteryLithium Polymer
BrushlessDC MotorsAxi 2208/26
Sonic RangerSRF08
Inertial MeasurementUnit (IMU)3DMG-X1
High LevelControl Processor
Stargate SBCor PC/104
Low Level Control Processor
Robostix
GPSSuperstar II
Electronic Speed
ControllerPhoenix 25
Plastic Tube Straps
Carbon Fiber Tubing
Fiberglass Honeycomb
LIDARHokuyo
URG-04LX
Stereo VisionVidere Systems
Small Vision System
![Page 19: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/19.jpg)
19
Quadrotor Helicopter Actuation
Yaw Torque
Roll/Pitch Torque Total Thrust
Two pairs of counter rotating blades provide torque balance
Angular accelerations and vertical acceleration are controlled by varying the propeller speeds.
![Page 20: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/20.jpg)
20
COMMCLASS
GUI & Storage
Sensor Processing
Controller
Planner
Real TimeController
GPS
LIDAR
ROBO
GND
Estimator
GPSCalc
StateEstimator
GPS comm
Lidar comm
GND comm
Flyers Flyer comm
GUI (10 Hz)
Logging
EnviroLIDAR
Robo comm
signalserialUDP
Interfaces
Fcn call
all
all
any
STARMAC Code Architecture
![Page 21: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/21.jpg)
21
Information Seeking Target Localization
Other Testbed Applications
Decentralized Collision Avoidance
![Page 22: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/22.jpg)
22
Multi-Vehicle Flight
![Page 23: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/23.jpg)
![Page 24: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/24.jpg)
24
backups
![Page 25: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/25.jpg)
25
Decision Authority LanguageThe decision
authority language can be specified as a series of handshakes between the UAV and the human operators
![Page 26: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/26.jpg)
26
Simulation of Latencies and Waveoff1. Regular run, without faults
Green: TankerRed: UAV
MATLAB simulation environment
Plots trajectories of tanker and UAV
Updated in real-time at 1 second intervals
Allows fault injection by user
UAV executes fallback immediately upon fault
![Page 27: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/27.jpg)
27
Simulation of Latencies and Waveoff
Separate waveoff for tanker and ground operators
Latencies simulated as delay between waveoff and UAV confirm
Fallback executed only when UAV confirms
Latencies currently hard coded
2. Tanker waveoff during “precapture”
Green: TankerRed: UAV
![Page 28: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/28.jpg)
28
Simple Illustration of Reachable Sets
It has been shown (Mitchell, et al. 2005) that the reachable set is the solution to the Hamilton-Jacobi PDE:
• The level set function Φ(x,t) defines implicitly the boundary of the reachable set at time t
• In general, the solution is difficult to obtain analytically• A numerical toolbox for MATLAB is available to
approximate the solution (Mitchell 2002-2007)
http://www.cs.ubc.ca/~mitchell/ToolboxLS/index.html
)()0,(,0, 0 xxx
xHt
),(min, uxfppxH T
Uu
![Page 29: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/29.jpg)
29
Simulation of Capture Sets
In event of waveoff, UAV attempts to go back to previous waypoint
Capture sets gives information about whether UAV can return to previous waypoint within a given time horizon
![Page 30: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/30.jpg)
30
Dynamics
Not analogous to a pendulum
Equations of motionlargely decoupled
* ignoring blade flapping effects
![Page 31: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/31.jpg)
31
Low Level Control
Algorithm
Initialize hardwareLoop Wait for termination of IMU data collection Retrieve A/D measurements Retrieve ultrasonic measurement, reinitiate Compute control inputs for each motor Set motor control inputs in PWM hardware Initialize transmission of statusEnd
Event Driven Real-time execution based on
Known transmission / receipt rates Measurement of code chunk execution times
![Page 32: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/32.jpg)
32
Low Level Control “Threads”
Main (76 Hz) Interface for all threads Computes control inputs Controls hardware
• PWM Control• I2C Communication (initiate ultrasonic measurements, retrieve results)• A/D Conversion• Digital I/O
Stargate Receive (10 Hz) Parses control packets
IMU Receive (76 Hz) Parses IMU data Computes checksum (using ring buffers)
Stargate Send (76 Hz) Buffered transmission of low level control status
IMU Send (irregular) Buffered transmission of data requests (only needed to initiate continuous data)
![Page 33: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/33.jpg)
33
Timeline
IMU RX
SG RX
SG TX
IMU TX
Main
(this is an asynchronous event)
Timing is based on IMU measurements Main requires additional timing considerations for
A/D I2C
Control bytes from SG RX are used as they arrive
![Page 34: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/34.jpg)
34
Inputs to Atmega128
IMU (3DMGX1) Packet 0x31 UART serial communication Continuous at 76 Hz (or 100 Hz), after initialized Header byte, 11 data fields with 16 bit entries, 16 bit checksum
Ranger (SRF08) I2C serial communication Polled at 13 Hz Range return values, no checksum
Stargate or PC104 UART serial communication Continuous at 10 Hz TSIP (Trimble standard interface protocol) command packets
• ID byte• 4 command bytes
![Page 35: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/35.jpg)
35
Atmega128 Outputs
IMU (3DMGX1) UART serial communication Initialize continuous data with 1 command
Ranger (SRF08) I2C serial communication Poll at 13 Hz Command to initiate measurement
Stargate or PC104 UART serial communication Send at 76 Hz (timed by IMU) TSIP (Trimble standard interface protocol) status packets
• ID byte• ~30 data bytes
![Page 36: Robust Hybrid and Embedded Systems Design](https://reader030.vdocuments.us/reader030/viewer/2022032606/56812e50550346895d93edea/html5/thumbnails/36.jpg)
36
Functionality to Develop
Heart beat / Watchdog functionality Real time guarantees Interrupt driven I2C, A/D Ultrasonic timing measurement