This paper provides a passivity-based framework to synthesize $l^m_2$-stable
digital control networks in which m strictly-output passive controllers can control n−m
strictly-output passive plants. The communication between the plants and controllers
can tolerate time varying delay and data dropouts. In particular, we introduce a
power-junction-network, a general class of input-output-wave-variable-network which
allows even a single controller (typically designed to control a single plant) to accurately
control the output of multiple plants even if the corresponding dynamics of
each plant is different. In addition to the power-junction-network we also introduce a
passive downsampler (PDS) and passive upsampler (PUS) in order to further reduce
networking traffic while maintaining stability and tracking properties. A detailed (soft
real-time) set of examples shows the tracking performance of the networked control
system.
The growing complexity of software used in large-scale, safety-critical cyber-physical systems makes it increasingly difficult to expose and hence correct all potential defects. There is a need to augment the existing fault tolerance methodologies with new approaches that address latent software defects exposed at runtime. This paper describes an approach that borrows and adapts traditional 'System Health Management' techniques to improve software dependability through simple formal specification of runtime monitoring, diagnosis, and mitigation strategies. The two-level approach to health management at the component and system level is demonstrated on a simulated case study of an Air Data Inertial Reference Unit (ADIRU). An ADIRU was categorized as the primary failure source for the in-flight upset caused in the Malaysian Air flight 124 over Perth, Australia in 2005.
Available: http://cse.wustl.edu/Research/Lists/Technical%20Reports/Attachments/942/tbmc_Jan_27_2011_08_59_PM.pdf
Real-time systems face significant challenges in thermal management with their adoption of modern multicore processors. While earlier research on feedback thermal control has shown promise in dealing with the uncertainties in the thermal characteristics, multicore processors introduce new challenges that cannot be handled by previous solutions designed for single-core processors. Multicore processors require the temperatures and real-time performance of multiple cores to be controlled simultaneously, leading to multi-input-multi-output (MIMO) control problems with inter-core thermal coupling. Furthermore, current Dynamic Voltage and Frequency Scaling (DVFS) mechanisms only support a finite set of states, leading to discrete control variables that cannot be handled by standard linear control techniques. This paper presents Real-Time Multicore Thermal Control (RT-MTC), the first feedback thermal control framework specifically designed for multicore real-time systems. RT-MTC dynamically enforces both the temperature and the CPU utilization bounds of a multicore processor through DVFS with discrete frequencies. RT-MTC employs a highly efficient controller that integrates saturation and proportional control components rigorously designed to enforce the desired core temperature and CPU utilization bounds. It handles discrete frequencies through Pulse Width Modulation (PWM) that achieves effective thermal control by manipulating the dwelling time of discrete frequencies. As a result, RT-MTC can achieve effective thermal control with only a small number of frequencies typical in current processors. The robustness and advantages of RT-MTC over existing thermal control approaches are demonstrated through extensive simulations under a wide range of uncertainties in terms of power consumption.
Ever increasing complexity of software used in large-scale, safety-critical cyber-physical systems makes it increasingly difficult to expose and thence correct all potential bugs. There is a need to augment the existing fault tolerance methodologies with new approaches that address latent software bugs exposed at runtime. This paper describes an approach that borrows and adapts traditional 'Systems Health Management' techniques to improve software dependability through simple formal specification of runtime monitoring, diagnosis and mitigation strategies. The two-level approach of Health Management at Component and System level is demonstrated on a simulated case study of an Air Data Inertial Reference Unit (ADIRU). That subsystem was categorized as the primary failure source for the in-flight upset caused in the Malaysian Air flight 124 over Perth, Australia in August 2005.
Virtual evaluation of complex command and control concepts demands the use of heterogeneous simulation environments. Development challenges include how to integrate multiple simulation engines with varying semantics and how to integrate simulation models and manage the complex interactions between them. While existing simulation frameworks may provide many of the required run-time services needed to coordinate among multiple simulation engines, they lack an overarching integration approach that connects and relates the interoperability of heterogeneous domain models and their interactions. This paper outlines some of the challenges encountered in developing a command and control simulation environment and discusses our use of the Generic Modeling Environment tool suite to create a model-based integration approach that allows for rapid synthesis of complex high-level architecture-based simulation environments.
This paper discusses our initial efforts in constructing physics of failure models for electrolytic capacitors subjected to electrical stressors in DC-DC power converters. Electrolytic capacitors and MOSFETs are known to be the primary causes for degradation and failure in DC-DC converter systems. We have employed a topological energy based modeling scheme based on the bond graph (BG) modeling language for building parametric models of multi-domain systems, such as motors and pumps. In previous work, we have conducted experimental studies to validate an empirical physics of failure model based on Arrhenius Law for equivalent series resistance (ESR) increase in electrolytic capacitors operating under nominal conditions. In this paper, our focus shifts to deriving first principle models of capacitor degradation that explain both the ESR increase and the decrease in capacitance over time when the capacitor is operated under electrical stress conditions. Experimental studies are run in parallel, and data collected from these studies are used to validate the generated models. In the future, they will also be used to compute model parameters, so that the overall goal of deriving accurate models of capacitor degradation, and using them to predict performance changes in DC-DC converters, is realized.
Networked Control System Wind Tunnel (NCSWT) - An evaluation tool for networked multi-agent systems
Cyber-physical systems, such as groups of unmanned aerial vehicles, are often monitored and controlled by networked control systems (NCS). NCS are deployed in many environments subject to realistic, complex network interactions, so evaluation of NCS is crucial to ensuring that NCS function as intended. Given the varied nature of NCS, it is appropriate to use a heterogeneous simulation environment to capture the dynamics; however, the design and integration of heterogeneous simulation environments is a complex problem. In this work we present the Networked Control System Wind Tunnel (NCSWT), an integrated simulation environment for NCS. The NCSWT integrates MATLAB/Simulink and ns-2 according to the High Level Architecture standard. We demonstrate the convenience and efficiency of the NCSWT using several case studies where realistic network effects such as data drops and delays are introduced. We also demonstrate the flexibility and power of the tool in modeling realistic NCS.
Automated Software and Hardware Evolution Analysis for Distributed Real-time and Embedded Systems
Software evolution is critical to extending the utility and life of distributed real-time and embedded (DRE) systems.
Determining the optimal set of software and hardware components to evolve that (1) incorporate cutting-edge
technology and (2) satisfy DRE system resource constraints, such as memory, power, and CPU usage, is an
NP-Hard problem. This article provides four contributions to evolving legacy DRE system configurations. First,
we present the Software Evolution Analysis with Resources (SEAR) technique for converting legacy DRE system
configurations, external resource availabilities, and candidate replacement components into multiple-choice multi-dimension
knapsack problems (MMKP). Second, we present a formal methodology for assessing the validity of
evolved system configurations. Third, we apply heuristic approximation algorithms to determine low-cost, high
value evolution paths in polynomial time. Finally, we analyze results of experiments that apply these techniques
to determine which technique is most effective for given system parameters. Our results show that constraint
solvers can only evolve small system configurations, whereas approximation techniques are needed to evolve
larger system configurations.
Towards Prognostics of Electrolytic Capacitors
We consider the problem of incremental cycle analysis for dataflow models in
the Embedded Systems Modeling Language (ESMoL). We give a general form of a
cycle enumeration algorithm that makes use of graph hierarchy to improve
analysis efficiency. Our framework also stores simple connectivity information
in the model to accelerate future cycle analyses when additional components
are added or modifications are made. Finally we give a mapping from a term
algebraic model of the ESMoL component model and logical dataflow sublanguages
to the analysis framework, and an evaluation on a fixed-wing aircraft controller model. This is part of a larger effort to integrate cycle analysis into the ESMoL tool suite to aid well-formedness checking during model construction.
Over the past decade, wireless sensor networks have
advanced in terms of hardware design, communication protocols,
resource efficiency, and other aspects. Recently, there has been
much focus on mobile wireless sensor networks, and several
small-profile sensing devices that are able to control their own
movement have already been developed. Unfortunately, resource
constraints inhibit the use of traditional navigation methods,
because these typically require bulky, expensive, and sophisticated
sensors, substantial memory and processor allocation,
and a generous power supply. Therefore, alternative navigation
techniques are required. In this paper we present TripNav, a
localization and navigation system that is implemented entirely
on resource-constrained wireless sensor nodes. Localization is
realized using radio interferometric angle of arrival estimation,
in which bearings to a mobile node from a small number of
infrastructure nodes are estimated based on the observed phase
differences of an RF interference signal. The position of the
mobile node is then determined using triangulation. A digital
compass is also employed to keep the mobile node from deviating
from the desired trajectory. We demonstrate using a real-world
implementation that a resource-constrained mobile sensor node
can accurately perform waypoint navigation with an average
position error of 0.95 m.
In the past decade, numerous consensus protocols for networked
multi-agent systems have been proposed. Although some forms of
robustness of these algorithms have been studied, reaching consensus
securely in networked multi-agent systems, in spite of intrusions
caused by malicious agents, or adversaries, has been largely
underexplored. In this work, we consider a general model for adversaries
in Euclidean space and introduce a consensus problem for
networked multi-agent systems similar to the Byzantine consensus
problem in distributed computing. We present the Adversarially
Robust Consensus Protocol (ARC-P), which combines ideas from
consensus algorithms that are resilient to Byzantine faults and from
linear consensus protocols used for control and coordination of dynamic
agents. We show that ARC-P solves the consensus problem
in complete networks whenever there are more cooperative agents
than adversaries. Finally, we illustrate the resilience of ARC-P to
adversaries through simulations and compare ARC-P with a linear
consensus protocol for networked multi-agent systems.
$m$-Triangular Systems are dynamical physical systems which can be
described by $m$ triangular subsystem models. Many physical system
models such as those which describe fixed-wing and quadrotor aircraft
can be realized as $m$-Triangular Systems. However, many control engineers
try to fit their dynamical model into a $1$-Triangular System model.
This is commonly seen in the backstepping control community in
which they have developed pioneering adaptive control laws which can
explicitly account for operating state constraints. We shall
demonstrate that such control laws can even be implemented in a
non-adaptive form while still addressing actuator limitations such as
saturation. However, most importantly, by removing the adaptation
component, a strictly output passive input-output mapping can be
realized. This important property is most applicable to the
networked control community. For the networked control community,
this key property allows us to integrate an aircraft into our framework such that a discrete-time
lag compensator can be used by a ground control station for remote
navigation in a safe and stable manner in spite of time-varying delays and random data loss. The applicability of our result shall
be made clear as we demonstrate how an inertial navigation system for
a quadrotor aircraft can be constructed. Specifically: i) the desired inertial
position ($\zeta_s=[\zeta_{Ns},\zeta_{Es},\zeta_{Ds}]^{\mathsf T}$) and yaw ($\psi_s$)
setpoints can be concatenated to consist of the virtual desired
setpoint ($\bar{u}=[\zeta_s^{\mathsf T}, \psi_s]^{\mathsf T}$); ii) the virtual
desired setpoint corresponds to the $m=3$-concatenated state outputs
$\bar{x}=[x_{(1,1)}^{\mathsf T},x_{(2,1)}^{\mathsf T},x_{(3,1)}^{\mathsf T}]^{\mathsf T} =
[[\zeta_{N},\zeta_{E}],\zeta_{D},\psi]^{\mathsf T}$; which iii) are augmented
such that the output $\bar{v}$ equals $\bar{x}$ at
steady-state operation; iv) using Lemma~\ref{L:sop_bstep} we can show
that the backstepping framework renders the quadrotor aircraft to be
strictly output passive (sop) ($\dot{V}(v) \leq -\epsilon_b \bar{v}^{\mathsf T} \bar{v} + \bar{v}^{\mathsf T}
\bar{u}$) such that $V(v)=\frac{1}{2}v^{\mathsf T} v$ is a Lyapunov function in
terms of all concatenated system states $v$ associated with the
$m$-Triangular System. Lemma~\ref{L:PassiveClosedLoop} then shows how the resulting
continuous-time strictly output passive system involving the quadrotor
aircraft can be integrated into an advanced digital control framework
such that a strictly output passive discrete-time lag
compensator can be used to control the inertial position from a
ground-station in an $L^m_2$-stable manner such that time-delays and
data loss will not cause instabilities.
In model-based development, verification techniques can be used to check whether an abstract model satisfies a set of properties. Ideally, implementation code generated from these models can also be verified against similar properties. However, the distance between the property specification languages and the implementation makes verifying such generated code difficult. Optimizations and renamings can blur the correspondence between the two, further increasing the difficulty of specifying verification properties on the generated code. This paper describes methods for specifying verification properties on abstract models that are then checked on implementation level code. These properties are translated by an extended code generator into implementation code and special annotations that are used by a software model checker.