Hybrid and Embedded Systems and Control Theory

Download Report

Transcript Hybrid and Embedded Systems and Control Theory 

Robust Hybrid and
Embedded Systems Design
Jerry Ding, Gabe Hoffmann, Haomiao Huang,
Vijay Pradeep, Jonathan Sprinkle, Steven Waslander,
Edward Lee, Shankar Sastry, Claire Tomlin
MURI Review Meeting
Frameworks and Tools for High-Confidence Design of Adaptive,
Distributed Embedded Control Systems
Berkeley, CA
September 6, 2007
Outline
Our MURI…. “Top down meets bottom up”
Requirements specification
 Verification methods and tools at each
Function modeling
layer and simulation
 Automatic generation of verified code
SW/HW architecture
modeling
and of
simulation
 Automatic
generation
test suites for each
layer
 Tools and testbeds for low level software
Systems design
analysis






Code generation and verification


In this talk:
Reachable
sets
for verifying hybrid control
Allocation and
scheduling
analysis
protocols
 Quadrotor testbed: control and software
architecture
2
Reachable sets for verifying control
protocols: aerial refueling example
human
pilot
δ = Long. Tolerance for
Catching Boom
ΔW = Lat. Tolerance for
Catching Boom
Target Set
for Refueling
human
operated
boom
1
δ
ΔW
7
4
5
Boeing
3
2
6
3
3
Formation Transition Language
{x∈G67}
Move
Forward
x  f x,u67 
Break
Away
Stationary 7
x  f x, ust 
FB
Stationary 1
x  f x, ust 
Rejoin
Fallback 5
x  f x,u12 
Stationary 6
x  f x, ust 
{x∈G56}
Move
Right
x  f x,u56 
FB
Fallback 4
x  f x,u23 
x  f x,u67 
Gij = Target Set of Manuever
from Stationary i to Stationary j
{x∈G45}
FB
Stationary 2
x  f x, ust 
Fallback 2
x  f x,u56 
Move
Back
x  f x,u45 
FB
Fallback 3
x  f x,u45 
Postcapture
or
Fuel Wave Off
{x∈G12}
FB
Fallback 1
FB = Fall back command
Stationary 5
Break x  f x, ust 
Away
Move
Back
x  f x,u12 
Stationary 4
(Fueling)
x  f x, ust 
FB
{x∈G34}
Move
Forward
x  f x,u34 
Precapture
Move
Left
x  f x,u23 
{x∈G23}
Stationary 3
x  f x, ust 
Capture
4
Reachable sets for Formation
Transition
 Generate
state-based reachable sets which can
be used to verify that taking a certain action is
or is not safe
controllable TOGA envelope
 Flare
vs. TOGA maneuver:
 Vehicles/personnel are
prevented from transitioning
in unsafe situations
intersection
 Intersection
calculations are
extremely fast (milliseconds)
controllable flare envelope
5
Reachable Sets for Individual
Transitions
 Targets
are small sets of states around the way points
Reachable Set for Precapture
Time Horizon: 10s
http://www.cs.ubc.ca/~mitchell/ToolboxLS/index.html
6
Simulation of Capture Sets
Complete refuel sequence with capture sets for all maneuvers
 User input specifies transitions between waypoints
 Capture sets can be used to minimize allotted time for each
maneuver
 In event of waveoff, UAV
attempts to go back to
previous waypoint
 Capture set gives
information about whether
UAV can return to
previous waypoint within
a given time horizon

7
Unsafe Sets for Individual Transitions
During any formation transition, need to prevent UAV from entering into
collision with tanker
 Unsafe set is set of states that can reach an unsafe zone within a given
time horizon

• Unsafe zone is set of
locations within a certain
radius of the tanker
• Provides information on which
maneuver should be executed
to prevent collision
Unsafe Set for
Capture
Time Horizon: 5s
8
Simulation of Multiple Reachable Sets
UAV starts in unsafe zone for capture
 Want to reach capture zone without any collisions

Red: Unsafe Move Forward
Yellow: Unsafe Capture
Capture Zone
Desired Trajectory
Magenta: Unsafe Left Turn
Green: Capture Reachable Set
9
Simulation of Multiple Reachable Sets

Visualization of unsafe sets together with capture sets allows for
construction of a sequence of safe maneuvers to enter capture zone
10
Synthesizing MATLAB scripts
After attaching semantics to the Formation
Transition Language, we will be able to synthesize
the MATLAB scripts, based on generalizations of
the prototypes which we’ve built by hand. Then,
“fallback” states can change, based on the model
built, not the static code.
11
Another example: Analysis of Traffic Alert
and Collision Avoidance System (TCAS)
NASA
12
Outline
Our MURI…. “Top down meets bottom up”
Requirements specification
 Verification methods and tools at each
Function modeling
layer and simulation
 Automatic generation of verified code
SW/HW architecture
modeling
and of
simulation
 Automatic
generation
test suites for each
layer
 Tools and testbeds for low level software
Systems design
analysis






Code generation and verification


In this talk:
Reachable
sets
for verifying hybrid control
Allocation and
scheduling
analysis
protocols
 Quadrotor testbed: control and software
architecture
13
Quadrotor testbed: control and software
architecture

Stanford Testbed of Autonomous Rotorcraft for Multi-Agent Control
(STARMAC)

Autonomous UAVs
 Onboard computation & sensors
 State and environment estimation
 Attitude, altitude, position and
trajectory control
 4 flightworthy vehicles
 More are being made

Testbed goals
 Quadrotor UAV design
 Cooperative multi-agent control
 Mobile sensor networks
14
STARMAC history
15
STARMAC Electronics System
LIDAR
RS232
URG-04LX
10 Hz ranges
115 kbps
Stereo Cam
Videre STOC
30 fps 320x240
480 Mbps
UART
Superstar II
10 Hz
19.2 kbps
UART
115 Kbps
UART
3DMG-X1
76 or 100 Hz
115 kbps
Ranger
I2C
SRF08
13 Hz Altitude
400 kbps
Ranger
Mini-AE
10-50 Hz Altitude
Pentium M
1GB RAM, 1.8GHz
Firewire
GPS
IMU
PC/104
RS232
480 Mbps
Est. & control
Stargate 1.0
Intel PXA255
64MB RAM, 400MHz
UART
Supervisor, GPS
CF
100 Mbps
WiFi
802.11g+
≤ 54 Mbps
WiFi
802.11b
≤ 5 Mbps
Robostix
Atmega128
Low level control
PPM
100 Hz
Analog
Beacon
Timing/
Analog
USB 2
Tracker/DTS
1 Hz
ESC & Motors
Phoenix-25, Axi 2208/26
16
STARMAC Network
Wifi
Netgear
Rangemax
802.11g+
Ethernet
100 Mbps
Control
Laptop
Computer
RS232
Pentium Core Duo
1 GB RAM, 2.16 GHz
≤ 54 Mbps
Ground
GPS
Superstar II
19.2 kbps
Running Labview and
ssh sessions
17
STARMAC Quadrotor Helicopter
Carbon Fiber
Tubing
Fiberglass
Honeycomb
Plastic Tube
Straps
Low Level
Control Processor
Robostix
High Level
Control Processor
Stargate SBC
or PC/104
GPS
Superstar II
Brushless
DC Motors
Axi 2208/26
Sonic Ranger
SRF08
Inertial Measurement
Unit (IMU)
3DMG-X1
LIDAR
Hokuyo
URG-04LX
Battery
Lithium
Polymer
Electronic
Speed
Controller
Phoenix 25
Stereo Vision
Videre Systems
Small Vision System
18
Quadrotor Helicopter Actuation

Two pairs of counter rotating blades provide torque balance

Angular accelerations and vertical acceleration are
controlled by varying the propeller speeds.
Yaw Torque
Roll/Pitch Torque
Total Thrust
19
Interfaces
signal
serial
UDP
Fcn call
STARMAC Code Architecture
COMM
CLASS
GPS
GPS comm
LIDAR
Lidar comm
Sensor
Processing
LIDAR
GPS
Calc
ROBO
Robo comm
GND
GND comm
Enviro
State
Estimator
Controller
Planner
Real Time
Controller
GUI & Storage
any
Flyers
Estimator
all
GUI (10 Hz)
all
Logging
Flyer comm
20
Other Testbed Applications
Decentralized Collision
Avoidance
Information Seeking
Target Localization
21
Multi-Vehicle Flight
22
backups
24
Decision Authority Language
 The
decision
authority language
can be specified as a
series of handshakes
between the UAV and
the human operators
Transition from Waypoint 1 to 2 (Breakaway 1)
(
boom.request(breakaway1, timeout)
or
ground.request(breakaway1, timeout)
uav.accept(breakaway1)
)
implies
uav.perform(breakaway1)
(
boom.request(fallback, timeout)
or
ground.request(fallback, timeout)
uav.accept(fallback_waypoint1)
)
implies
uav.perform(fallback_waypoint1)
(
uav.reach_target(breakaway1)
)
implies
uav.perform(levelflight_waypoint2)
25
Simulation of Latencies and Waveoff

MATLAB simulation
environment

Plots trajectories of
tanker and UAV

Updated in real-time
at 1 second
intervals

Allows fault injection
by user

UAV executes
fallback immediately
upon fault
1. Regular run, without faults
Green: Tanker
Red: UAV
26
Simulation of Latencies and Waveoff
2. Tanker waveoff during “precapture”
Separate waveoff
for tanker and
ground operators
 Latencies
simulated as delay
between waveoff
and UAV confirm
 Fallback executed
only when UAV
confirms
 Latencies currently
hard coded

Green: Tanker
Red: UAV
27
Simple Illustration of Reachable Sets
 It
has been shown (Mitchell, et al. 2005) that the reachable
set is the solution to the Hamilton-Jacobi PDE:

  
 H  x,
  0,  ( x,0)  0 ( x)
t
 x 
H  x, p   min p T f ( x, u )
uU
• The level set function Φ(x,t) defines implicitly the boundary
of the reachable set at time t
• In general, the solution is difficult to obtain analytically
• A numerical toolbox for MATLAB is available to
approximate the solution (Mitchell 2002-2007)
http://www.cs.ubc.ca/~mitchell/ToolboxLS/index.html
28
Simulation of Capture Sets
In event of waveoff, UAV attempts to go back to
previous waypoint
 Capture sets gives information about whether UAV
can return to previous waypoint within a given time
horizon

29
Dynamics


Not analogous to a
pendulum
Equations of motion
largely decoupled
* ignoring blade flapping effects
30
Low Level Control


Event Driven
Real-time execution based on


Known transmission / receipt rates
Measurement of code chunk execution times
Algorithm
Initialize hardware
Loop
Wait for termination of IMU data collection
Retrieve A/D measurements
Retrieve ultrasonic measurement, reinitiate
Compute control inputs for each motor
Set motor control inputs in PWM hardware
Initialize transmission of status
End
31
Low Level Control “Threads”

Main (76 Hz)



Interface for all threads
Computes control inputs
Controls hardware
•
•
•
•

Stargate Receive (10 Hz)



Parses IMU data
Computes checksum (using ring buffers)
Stargate Send (76 Hz)


Parses control packets
IMU Receive (76 Hz)


PWM Control
I2C Communication (initiate ultrasonic measurements, retrieve results)
A/D Conversion
Digital I/O
Buffered transmission of low level control status
IMU Send (irregular)

Buffered transmission of data requests (only needed to initiate continuous data)
32
Timeline


Timing is based on IMU measurements
Main requires additional timing considerations for



A/D
I2C
Control bytes from SG RX are used as they arrive
Main
(this is an asynchronous event)
SG RX
IMU RX
SG TX
IMU TX
33
Inputs to Atmega128

IMU (3DMGX1)





Ranger (SRF08)




Packet 0x31
UART serial communication
Continuous at 76 Hz (or 100 Hz), after initialized
Header byte, 11 data fields with 16 bit entries, 16 bit checksum
I2C serial communication
Polled at 13 Hz
Range return values, no checksum
Stargate or PC104



UART serial communication
Continuous at 10 Hz
TSIP (Trimble standard interface protocol) command packets
• ID byte
• 4 command bytes
34
Atmega128 Outputs

IMU (3DMGX1)



Ranger (SRF08)




UART serial communication
Initialize continuous data with 1 command
I2C serial communication
Poll at 13 Hz
Command to initiate measurement
Stargate or PC104



UART serial communication
Send at 76 Hz (timed by IMU)
TSIP (Trimble standard interface protocol) status packets
• ID byte
• ~30 data bytes
35
Functionality to Develop




Heart beat / Watchdog functionality
Real time guarantees
Interrupt driven I2C, A/D
Ultrasonic timing measurement
36