MIT 16 412J - Study Notes


[Diagram labels: Control Sequencer; Deductive Controller; l Program; Model-based Program; Mode Estimation; Mode Reconfiguration; Executes concurrently; Preempts; Queries (hidden) states; Asserts (hidden) state]

Fault Aware Systems: Model-based Programming and Diagnosis
Brian C. Williams
16.412J/6.834J
March 8th, 2004
courtesy of JPL
Brian C. Williams, copyright 2000

Outline
• Fault Aware Systems Through Model-based Programming
• Diagnosis as Detective Work
• Model-based Diagnosis

Mars Polar Lander Failure
Programmers are overwhelmed by the bookkeeping of reasoning about unlikely hidden states.
Leading Diagnosis:
• Legs deployed during descent.
• Noise spike on leg sensors latched by software monitors.
• Laser altimeter registers 50ft.
• Begins polling leg monitors to determine touch down.
• Latched noise spike read as touchdown.
• Engine shutdown at ~50ft.

Fault Aware Systems: Create embedded languages that reason and coordinate on the fly from models

Like Storyboards, Model-based Programs Specify The Evolution of Abstract States
Embedded programs evolve actions by interacting with plant sensors and actuators:
• Read sensors
• Set actuators
Programmer maps between state and sensors/actuators.
[Diagram labels: Embedded Program; S; Plant; Obs; Cntrl]
Model-based programs evolve abstract states through direct interaction:
• Read abstract state
• Write abstract state
Model-based executive maps between state and sensors/actuators.
[Diagram labels: Model-based Embedded Program; S; Plant; S’; Model-based Executive; Obs; Cntrl]

Descent Example
Turn camera off and engine on
[Diagram labels, before and after: EngineA; EngineB; Science Camera]

[Diagram labels: System Model; Commands; Observations; Contro; Plant; Titan Model-based Executive; RMPL; State goals; State estimates]
• Generates target goal states conditioned on state estimates
• Tracks likely plant states
• Tracks least cost goal states

OrbitInsert()::
  (do-watching ((EngineA = Firing) OR (EngineB = Firing))
    (parallel
      (EngineA = Standby)
      (EngineB = Standby)
      (Camera = Off)
      (do-watching (EngineA = Failed)
        (when-donext ((EngineA = Standby) AND (Camera = Off))
          (EngineA = Firing)))
      (when-donext ((EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off))
        (EngineB = Firing))))

[Figure: Valve model. Labels: Closed; Open; Unknown; Stuck closed; Open; Close; 0.01, 0.01, 0.01, 0.01; inflow iff outflow]

State-based Execution: The model-based program sets the state to thrusting, and the deductive controller . . . .
• Determines that valves on the backup engine will achieve thrust, and plans needed actions.
• Deduces that a valve failed - stuck closed
• Plans actions to open six valves
• Deduces that thrust is off, and the engine is healthy
[Diagram labels: Control Sequencer; Deductive Controller; Possible Behaviors Visualized by a Trellis Diagram; Fuel tank; Oxidizer tank]
• Identify Modes
• Diagnose Failure Modes
• Reconfigure Modes
• Repair Modes

Model-based Programs
Control program specifies state trajectories:
• fires one of two engines
• sets both engines to ‘standby’
• prior to firing engine, camera must be turned off to avoid plume contamination
• in case of primary engine failure, fire backup engine instead
Plant Model describes behavior of each component:
– Nominal and Off nominal
– qualitative constraints
– likelihoods and costs

OrbitInsert()::
  (do-watching ((EngineA = Thrusting) OR (EngineB = Thrusting))
    (parallel
      (EngineA = Standby)
      (EngineB = Standby)
      (Camera = Off)
      (do-watching (EngineA = Failed)
        (when-donext ((EngineA = Standby) AND (Camera = Off))
          (EngineA = Thrusting)))
      (when-donext ((EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off))
        (EngineB = Thrusting))))

Plant Model
component modes…
described by finite domain constraints on variables…
deterministic and probabilistic transitions
cost/reward
one per component … operating concurrently
[Figure: Engine Model. Modes: Standby; Off; Failed; Firing. Constraints: (thrust = full) AND (power_in = nominal); (thrust = zero) AND (power_in = zero); (thrust = zero) AND (power_in = nominal). Transition labels: off-cmd; standby-cmd; 0.01; 0.01; standby-cmd; fire-cmd. Cost/reward labels: 0 v; 0 v; 2 kv; 2 kv]
[Figure: Camera Model. Modes: On; Off. Transition labels: turnoff-cmd; turnon-cmd; 0.01; 0.01. Constraints: (power_in = zero) AND (shutter = closed); (power_in = nominal) AND (shutter = open). Cost/reward labels: 0 v; 20 v; 0 v]

[Diagram labels: System Model; Commands; Observations; Control Program; Plant; Titan Model-based Executive; RMPL Model-based Program; State goals; State estimates]
Control Sequencer: Generates goal states conditioned on state estimates
Mode Estimation: Tracks likely States
Mode Reconfiguration: Tracks least-cost state goals
• Executes concurrently
• Preempts
• Asserts and queries states
• Chooses based on reward
[Trellis diagrams: Fire backup engine; Valve fails stuck closed; S; T; X0; X1; XN-1; XN; least cost reachable goal state; First Action; Current Belief State]

Modeling Complex Behaviors through Probabilistic Constraint Automata
• Complex, discrete behaviors
  • modeled through concurrency, hierarchy and timed transitions.
• Anomalies and uncertainty
  • modeled by probabilistic transitions
• Physical interactions
  • modeled by discrete and continuous constraints
[Figure: Engine Model. Modes: Standby; Off; Failed; Firing. Constraints: (thrust = full) AND (power_in = nominal); (thrust = zero) AND (power_in = zero); (thrust = zero) AND (power_in = nominal). Transition labels: off-cmd; standby-cmd; 0.01; 0.01; standby-cmd; fire-cmd]
[Figure: Camera Model. Modes: On; Off. Transition labels: turnoff-cmd; turnon-cmd; 0.01; 0.01. Constraints: (power_in = zero) AND (shutter = closed); (power_in = nominal) AND (shutter = open). Cost/reward labels: 0 v; 2 kv; 2 kv; 0 v; 0 v; 20 v; 0 v]

The Plant’s Behavior
[Trellis diagram: S; T; X0; X1; XN-1; XN]
• Assigns a value to each variable (e.g., 3,000 vars).
• Consistent with all state constraints (e.g., 12,000).
• A set of concurrent transitions, one per automata (e.g., 80).
• Previous & Next states consistent with source & target of transitions

arg max PT(m’) s.t. M(m’) ∧ O(m’) is satisfiable

Deductive Controller
[Diagram labels: Control Sequencer; Deductive Controller; Possible Behaviors Visualized by a Trellis Diagram; Commands; Observations; Plant; State goals; State estimates]
Mode Estimation: Tracks likely States
Mode Reconfiguration: Tracks least-cost state goals
[Trellis diagrams: Fire backup engine; Valve fails stuck closed; S; T; X0; X1; XN-1; XN; least cost reachable goal state; First Action; Current Belief State]

Optimal CSP: arg min f(x) s.t. C(x) is

