This paper provides a passivity based framework to synthesize lm2-stable digital control networks in which m strictly-output passive controllers can control n−m strictly-output passive plants. The communication between the plants and controllers can tolerate time varying delay and data dropouts. In particular, we introduce a power-junction-network, a general class of input-output-wave-variable-network which allows even a single controller (typically designed to control a single plant) to accurately control the output of multiple plants even if the corresponding dynamics of each plant is different. In addition to the power-junction-network we also introduce a passive downsampler (PDS) and passive upsampler (PUS) in order to further reduce networking traffic while maintaining stability and tracking properties. A detailed (soft real-time) set of examples shows the tracking performance of the networked control system.

The growing complexity of software used in large-scale, safety critical cyber-physical systems makes it increasingly difficult to expose and hence correct all potential defects. There is a need to augment the existing fault tolerance methodologies with new approaches that address latent software defects exposed at runtime. This paper describes an approach that borrows and adapts traditional `System Health Management' techniques to improve software dependability through simple formal specification of runtime monitoring, diagnosis, and mitigation strategies. The two-level approach to health management at the component and system level is demonstrated on a simulated case study of an Air Data Inertial Reference Unit (ADIRU). An ADIRU was categorized as the primary failure source for the in-flight upset caused in the Malaysian Air flight 124 over Perth, Australia in 2005.

Available: http://cse.wustl.edu/Research/Lists/Technical%20Reports/Attachments/942/tbmc_Jan_27_2011_08_59_PM.pdf Real-time systems face significant challenges in thermal management with their adoption of modern multicore processors. While earlier research on feedback thermal control has shown promise in dealing with the uncertainties in the thermal characteristics, multicore processors introduce new challenges that cannot be handled by previous solutions designed for single-core processors. Multicore processors require the temperatures and real-time performance of multiple cores to be controlled simultaneously, leading to multi-input-multi-output (MIMO) control problems with inter-core thermal coupling. Furthermore, current Dynamic Voltage and Frequency Scaling (DVFS) mechanisms only support a finite set of states, leading to discrete control variables that cannot be handled by standard linear control techniques. This paper presents Real-Time Multicore Thermal Control (RT-MTC), the first feedback thermal control framework specifically designed for multicore real-time systems. RT-MTC dynamically enforces both the temperature and the CPU utilization bounds of a multicore processor through DVFS with discrete frequencies. RT-MTC employs a highly efficient controller that integrates saturation and proportional control components rigorously designed to enforce the desired core temperature and CPU utilization bounds. It handles discrete frequencies through a PulseWidth Modulation (PWM) that achieves effective thermal control by manipulating the dwelling time of discrete frequencies. As a result RT-MTC can achieve effective thermal control with only a small number of frequencies typical in current processors. The robustness and advantages of RTMTC over existing thermal control approaches are demonstrated through extensive simulations under a wide range of uncertainties in term of power consumption.

Ever increasing complexity of software used in large-scale, safety critical cyber-physical systems makes it increasingly difficult to expose and thence correct all potential bugs. There is a need to augment the existing fault tolerance methodologies with new approaches that address latent software bugs exposed at runtime. This paper describes an approach that borrows and adapts traditional `Systems Health Management' techniques to improve software dependability through simple formal specification of runtime monitoring, diagnosis and mitigation strategies. The two-level approach of Health Management at Component and System level is demonstrated on a simulated case study of an Air Data Inertial Reference Unit (ADIRU). That subsystem was categorized as the primary failure source for the in-flight upset caused in the Malaysian Air flight 124 over Perth, Australia in August 2005.

Virtual evaluation of complex command and control concepts demands the use of heterogeneous simulation environments. Development challenges include how to integrate multiple simulation engines with varying semantics and how to integrate simulation models and manage the complex interactions between them. While existing simulation frameworks may provide many of the required run-time services needed to coordinate among multiple simulation engines, they lack an overarching integration approach that connects and relates the interoperability of heterogeneous domain models and their interactions. This paper outlines some of the challenges encountered in developing a command and control simulation environment and discusses our use of the Generic Modeling Environment tool suite to create a model-based integration approach that allows for rapid synthesis of complex high-level architecture-based simulation environments.

This paper discusses our initial efforts in constructing physics of failure models for electrolytic capacitors subjected to electrical stressors in DC-DC power converters. Electrolytic capacitors and MOSFET’s are known to be the primary causes for degradation and failure in DC-DC converter systems. We have employed a topological energy based modeling scheme based on the bond graph (BG) modeling language for building parametric models of multi-domain systems, such as motors and pumps. In previous work, we have conducted experimental studies to validate an empirical physics of failure model based on Arrhenius Law for equivalent series resistance (ESR) increase in electrolytic capacitors operating under nominal conditions. In this paper, our focus shifts to deriving first principle models of capacitor degradation that explain both the ESR increase and the decrease in capacitance over time when the capacitor is operated under electrical stress conditions. Experimental studies are run in parallel, and data collected from these studies are used to validate the generated models. In the future, they will also be used to compute model parameters, so that the overall goal of deriving accurate models of capacitor degradation, and using them to predict performance changes in DC-DC converters is realized.

Cyber-physical systems, such groups of unmanned aerial vehicles, are often monitored and controlled by networked control systems (NCS). NCS are deployed in many environments subject to realistic, complex network interactions, so evaluation of NCS is crucial to ensuring that NCS function as intended. Given the varied nature of NCS, it is appropriate to use a heterogenous simulation environment to capture the dynamics; however, the design and integration of heterogeneous simulation environments is a complex problem. In this work we present the Networked Control System Wind Tunnel (NCSWT), an integrated simulation environment for NCS. The NCSWT integrates MATLAB/Simulink and ns-2 according to the High Level Architecture standard. We demonstrate the convenience and efficiency of the NCSWT using several case studies where realistic network effects such as data drops and delays are introduced. We also demonstrate the flexibility and power of the tool in modeling realistic NCS.

Software evolution is critical to extending the utility and life of distributed real-time and embedded (DRE) systems. Determining the optimal set of software and hardware components to evolve that (1) incorporate cutting-edge technology and (2) satisfy DRE system resource constraints, such as memory, power, and CPU usage is an NP-Hard problem. This article provides four contributions to evolving legacy DRE system configurations. First, we present the Software Evolution Analysis with Resources (SEAR) technique for converting legacy DRE system configurations, external resource availabilities, and candidate replacement components into multiple-choice multidimension knapsack problems (MMKP). Second, we present a formal methodology for assessing the validity of evolved system configurations. Third, we apply heuristic approximation algorithms to determine low-cost, high value evolution paths in polynomial time. Finally, we analyze results of experiments that apply these techniques to determine which technique is most effective for given system parameters. Our results show that constraint solvers can only evolve small system configurations, whereas approximation techniques are needed to evolve larger system configurations.

We consider the problem of incremental cycle analysis for dataflow models in the Embedded Systems Modeling Language (ESMoL). We give a general form of a cycle enumeration algorithm that makes use of graph hierarchy to improve analysis efficiency. Our framework also stores simple connectivity information in the model to accelerate future cycle analyses when additional components are added or modifications are made. Finally we give a mapping from a term algebraic model of the ESMoL component model and logical dataflow sublanguages to the analysis framework, and an evaluation on a fixed-wing aircraft controller model. This is part of a larger effort to integrate cycle analysis into the ESMoL tool suite to aid well-formedness checking during model construction.

Over the past decade, wireless sensor networks have advanced in terms of hardware design, communication protocols, resource efficiency, and other aspects. Recently, there has been much focus on mobile wireless sensor networks, and several small-profile sensing devices that are able to control their own movement have already been developed. Unfortunately, resource constraints inhibit the use of traditional navigation methods, because these typically require bulky, expensive, and sophisticated sensors, substantial memory and processor allocation, and a generous power supply. Therefore, alternative navigation techniques are required. In this paper we present TripNav, a localization and navigation system that is implemented entirely on resource-constrained wireless sensor nodes. Localization is realized using radio interferometric angle of arrival estimation, in which bearings to a mobile node from a small number of infrastructure nodes are estimated based on the observed phase differences of an RF interference signal. The position of the mobile node is then determined using triangulation. A digital compass is also employed to keep the mobile node from deviating from the desired trajectory. We demonstrate using a real-world implementation that a resource-constrained mobile sensor node can accurately perform waypoint navigation with an average position error of 0.95 m.

In the past decade, numerous consensus protocols for networked multi-agent systems have been proposed. Although some forms of robustness of these algorithms have been studied, reaching consensus securely in networked multi-agent systems, in spite of intrusions caused by malicious agents, or adversaries, has been largely underexplored. In this work, we consider a general model for adversaries in Euclidean space and introduce a consensus problem for networked multi-agent systems similar to the Byzantine consensus problem in distributed computing. We present the Adversarially Robust Consensus Protocol (ARC-P), which combines ideas from consensus algorithms that are resilient to Byzantine faults and from linear consensus protocols used for control and coordination of dynamic agents. We show that ARC-P solves the consensus problem in complete networks whenever there are more cooperative agents than adversaries. Finally, we illustrate the resilience of ARC-P to adversaries through simulations and compare ARC-P with a linear consensus protocol for networked multi-agent systems.

$m$-Triangular Systems are dynamical physical systems which can be described by $m$ triangular subsystem models. Many physical system models such as those which describe fixed-wing and quadrotor aircraft can be realized as $m$-Triangular Systems. However, many control engineers try to fit their dynamical model into a $1$-Triangular System model. This is commonly seen in the backstepping control community in which they have developed pioneering adaptive control laws which can explicitly account for operating state constraints. We shall demonstrate that such control laws can even be implemented in a non-adaptive form while still addressing actuator limitations such as saturation. However, most importantly, by removing the adaptation component, a {\em strictly output passive} input-output mapping can be realized. This important property is most applicable to the networked control community. For the networked control community, this {\em key property} allows us to integrate an aircraft into our framework such that a {\em discrete-time lag compensator} can be used by a ground control station for remote navigation in a {\em safe and stable manner in spite of time-varying delays and random data loss}. The applicability of our result shall be made clear as we demonstrate how an inertial navigation system for a quadrotor aircraft can be constructed. Specifically: i) the desired inertial position ($\zeta_s=[\zeta_{Ns},\zeta_{Es},\zeta_{Ds}]\tr$) and yaw ($\psi_s$) setpoints can be concatenated to consist of the {\em virtual} desired setpoint ($\bar{u}=[\zeta_s \tr, \psi_s]\tr$); ii) the {\em virtual} desired setpoint corresponds to the $m=3$-concatenated state outputs $\bar{x}=[x_{(1,1)}\tr,x_{(2,1)}\tr,x_{(3,1)}\tr]\tr = [[\zeta_{N},\zeta_{E}],\zeta_{D},\psi]\tr$; which iii) are augmented such that the output $\bar{v}$ equals $\bar{x}$ at steady-state operation; iv) using Lemma~\ref{L:sop_bstep} we can show that the backstepping framework renders the quadrotor aircraft to be strictly output passive (sop) ($\dot{V}(v) \leq -\epsilon_b \bar{v}\tr \bar{v} + \bar{v}\tr \bar{u}$) such that $V(v)=\frac{1}{2}v\tr v$ is a Lyapunov function in terms of all concatenated system states $v$ associated with the $m$-Triangular System. Lemma~\ref{L:PassiveClosedLoop} then shows how the resulting continuous-time strictly output passive system involving the quadrotor aircraft can be integrated into an advanced digital control framework such that a strictly output passive {\em discrete-time lag} compensator can be used to control the inertial position from a ground-station in an $L^m_2$-stable manner such that time-delays and data loss will not cause instabilities.

In model-based development, verification techniques can be used to check whether an abstract model satisfies a set of properties. Ideally, implementation code generated from these models can also be verified against similar properties. However, the distance between the property specification languages and the implementation makes verifying such generated code difficult. Optimizations and renamings can blur the correspondence between the two, further increasing the difficulty of specifying verification properties on the generated code. This paper describes methods for specifying verification properties on abstract models that are then checked on implementation level code. These properties are translated by an extended code generator into implementation code and special annotations that are used by a software model checker.