Aero/Astro Open House: MERS Research Group (Model-based Embedded and Robotic Systems Group)
MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House
Aero/Astro Open House
MERS Research Group
Model-based Embedded and Robotic Systems Group
Space Systems Laboratory
Massachusetts Institute of Technology
Friday, March 21, 2003
Motivation
Apollo 13 quintuple fault
Mars Polar Lander failed due to a faulty sensor.
Autonomous systems handle
• Faults
• Anomalies
• Communication
• Commanding
Europa Probe
Distant Explorers
Mercury Orbiter
Cooperative Exploration
Mars Outpost
Earth Imager
Model-based Programming Paradigm
Mars ‘98 Polar Lander
Goal: provide an embedded language that operates on system state and reasons from commonsense models
Leading Hypothesis:
• Legs deploy during descent.
• Noise spike on leg sensors latched by s/w monitors.
• Laser altimeter registers 50m.
• Begins polling leg monitors to determine touchdown.
• Latched noise spike read as touchdown.
• Engine shutdown at ~50m.
• Lander impacts planetary surface at high velocity.
Spacecraft are highly complex systems, with significant interaction at the subsystem level
Spacecraft encounter harsh, uncertain environments.
Robustness in such systems requires:
• high-reliability software;
• fault protection built into the control sequence;
• highly reactive sense-decide-act loop.
Using a traditional embedded software approach, it is difficult to anticipate such low-level subsystem interaction and explicitly encode responses to each possible fault.
Robust Systems Should be “Fully State Aware”
Embedded programs interact with the system’s sensors/actuators:
• Read sensors
• Set actuators
Model-based programs interact with the system’s state:
• Read state
• Set state
Programmer must map between state and sensors/actuators.
[Diagram labels: Embedded Program; Obs; Cntrl; Plant; S]
M-B Executive maps between states and sensors/actuators.
[Diagram labels: Model-based Embedded Program; S’; Model-based Executive; Obs; Cntrl; Plant; S]
Titan Model-based Executive
[Diagram: valve model. Modes: Open, Closed, Stuck open, Stuck closed. Commands: Open, Close. Four transitions labelled 0.01. Constraint shown: inflow = outflow = 0]
[Diagram: belief-state update from B(t) to B(t+1), over states S1(t), S2(t), … Sn(t) and S1(t+1), S2(t+1), … Sm(t+1)]
[Diagram: RMPL Model-based Executive. Labels: Control Program, Sequencer, System Model, Configuration goals, State estimates, Mode Estimation, Mode Reconfiguration, Commands, Observations, Flight System Control, RT Control Layer, Control, Model, Plant]
Mode Estimation
• Compiled ME
• Hybrid ME
• Distributed ME
Diagnose and Reconfigure
• Compiled Goal Interpreter
• Reactive Planner
M-B Programming Example: Orbital Insertion Scenario
[Figure labels: EngineA, EngineB, Science Camera]
Systems engineers think in terms of state trajectories:
• must fire one of the two engines
• set both engines to ‘standby’
• prior to firing engine, camera must be turned off to avoid plume contamination
• in case of primary engine failure, fire backup engine instead
Engine Model
[Diagram: modes Off, Standby, Firing, Failed. Commands: off-cmd, standby-cmd, fire-cmd. Transitions labelled 0.01. Mode constraints: (thrust = zero) AND (power_in = zero); (thrust = zero) AND (power_in = nominal); (thrust = full) AND (power_in = nominal)]
Camera Model
[Diagram: modes On, Off. Commands: turnon-cmd, turnoff-cmd. Mode constraints: (power_in = zero) AND (shutter = closed); (power_in = nominal) AND (shutter = open)]
M-B Programming Example: Orbital Insertion Scenario
once primary engine is in standby and camera is off, proceed to fire engine (preempt this operation if engine is ever found to be in a faulty state)
Model-based Programming provides a way to encode the prescribed state trajectory into a control program:
• assert and check states which may be “hidden”, rather than operating directly on observable or control variables
• allow for embedded management of fault states
RMPL code for OrbitInsert control program:
    (do-watching ((EngineA = Firing) OR (EngineB = Firing))
      (parallel
        (EngineA = Standby)
        (EngineB = Standby)
        (Camera = Off)
        (do-watching (EngineA = Failed)
          (when-donext ( (EngineA = Standby) AND (Camera = Off) )
            (EngineA = Firing)))
        (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) )
          (EngineB = Firing))))
Annotations on the code:
• goal is to fire one of the two engines; terminate when accomplished
• concurrently sets both engines to ‘standby’, and turns off camera to avoid plume contamination
• in case of primary engine failure, fire backup engine instead
Mode Estimation Example
Configuration Goal: EngineA = Firing
Observation: Thrust = 0
[Diagram: Possible Diagnoses for Engine A, over states S1, S2, S3]
Mars Entry, Descent & Landing
Hybrid Model-based Programming: Motivation
Tight coupling of attitude/position control and spacecraft configuration control
Mars ‘98 mission failure demonstrates need for improved robustness in this type of “critical sequence”
To achieve this level of robustness, need to track and control both discrete and continuous spacecraft states (“hybrid” system)
chute deploys when velocity drops to 493 m/s
lander separates when entry attitude is achieved
legs deploy 10 secs after heatshield is jettisoned
chute jettisoned at 1300m, lander performs controlled gravity turn maneuver
Hybrid Mode Estimation – Gesture Recognition
• Stereo vision system
– Tracks head and hand motion of human associate
• Hybrid model of human associate supports Robonaut’s recognition of human gestures
– Gestures of interest include pointing to a tool, holding hand up to indicate stop, “come closer” gestures, etc.
• Continuous dynamics model of human arm includes inertial and damping terms
• HMM model takes output of stereo vision system as observation
– Transitions between motion control point states
• Robonaut – EVA astronaut’s assistant
• Humanoid design requires no specialized robotic tools
• Controlled by tele-operator, but autonomous modes under development
Mode Reconfiguration
[Diagram: RMPL Model-based Executive. Labels: Control Program, Sequencer, System Model, Configuration goals, State estimates, Mode Estimation, Mode Reconfiguration, Commands, Observations, Flight System Control, RT Control Layer]
[Diagram labels: Goal Interpreter, Reactive Planner, Configuration goals, Current State, Goal State, Command]
[Schematic labels: N2H4, GHe, P, S, Driver]
INPUT
• Configuration Goal
– Thrust = on
• Current State
– Tank = full
– Pressure = nominal
– Driver = off
– Valve = closed
– Thruster = off
OUTPUT
• Command
– Turn driver on
Goal Interpreter
[Schematic labels: N2H4, GHe, P, S, Driver]
INPUT
• Current State
– Tank = full
– Pressure = nominal
– Driver = off
– Valve = closed
– Thruster = off
• Configuration Goal
– Thrust = on
OUTPUT
• Goal State
– Tank = full
– Pressure = nominal
– Driver = off
– Valve = on
– Thruster = on
[Diagram labels: Goal Interpreter, Configuration goals, Current State, Goal State]
Generate optimal goal state that achieves the Configuration Goal!
[Diagram: Conflict-directed A* Search. Labels: Truth Maintenance System, Theory (Including Estimated State), Configuration Goal, Candidates, Best-first Agenda, Most Likely Candidate, Checked Solution, New Conflicts, Conflict Database, All Conflicts, Goal State]
• Goal Interpreter
• Compiled Goal Interpreter
[Diagram labels: Partial Goal Interpretation, Best-first Kernel Goal State Generator, Online, Goal Configuration, Goal State]
Minimize online deduction by generating all partial goal interpretations offline!
Example: The model-based program sets the state to thrusting, and the deductive controller . . . .
• Determines that valves on the backup engine will achieve thrust, and plans needed actions.
• Deduces that a valve failed - stuck closed
• Plans actions to open six valves
• Deduces that thrust is off, and the engine is healthy
[Figure labels: Fuel tank, Oxidizer tank]
Reactive Planner
[Diagram labels: Reactive Planner, Goal State, Current State, Command]
[Schematic labels: N2H4, GHe, P, S, Driver]
INPUT
• Current State
– Tank = full
– Pressure = nominal
– Driver = off
– Valve = closed
– Thruster = off
• Goal State
– Tank = full
– Pressure = nominal
– Driver = off
– Valve = on
– Thruster = on
[Policy table, Valve (Current mode × Goal mode). Current: Open, Closed, Stuck. Goal: Open, Closed. Entries: idle; driver = on, cmd = open; driver = on, cmd = close; fail]
[Policy table, Driver (Current mode × Goal mode). Current: On, Off, Resettable. Goal: On, Off. Entries: idle; cmd = on; cmd = off; cmd = reset]
OUTPUT
• Command
– Turn driver on
Reconfiguration Order
1. Tank = full
2. Pressure = nominal
3. Valve = on
4. Thruster = on
5. Driver = off
Planner guarantees to:
• Only generate non-destructive actions
• Never propose actions that lead to dead-end plans
• Ensure progress toward the goal
• Operate at reactive time scale
Divide and Conquer
[Diagram: Plant Structure (cyclic) and its Tree Decomposition (acyclic)]
Structural Decomposition
• Compile model structure into equivalent tree structure
• Effort depends on structural properties (graph width)
• Reasoning on equivalent tree structure is very efficient (highly parallelizable) => Distributed Algorithm
Precompilation
Planning through Divide-and-Conquer
• Generate a plan for each group of components.
• Execute each plan one at a time to achieve the goal
[Diagram labels: Bus Control, Computer, Antenna, Amplifier, Transmitter]
[Policy table, grouped transmitter/amplifier (Current mode × Goal mode). Modes: OnT, OnA; OnT, OffA; OffT, OffA; OffT, OnA. Entries: idle; fail; comp = on, bus = on, cmdT = on; comp = on, bus = on, cmdA = on; comp = on, bus = on, cmdA = off; bus = on, cmdT = off]
[Policy table (Current mode × Goal mode). Modes: On, Off. Entries: idle; comp = on, cmd = on; comp = on, cmd = off]
MIT-NASA Ames Mars ’03 Simulation Center
• Simulate Mission Objective of Mars ’03
– Use NASA’s MERBoard to visualize the environment and control the rovers.
– Demonstrate the ability to achieve mission autonomously
[Figure: dimensioned floor plan, 255.30 sq. ft.]
Analyze this rock!
Future Missions
Courtesy JPL
MER 2003
Mars 2007
SPHERES
New Slides
Plant Model Implementation
[Diagram: Timed Model-based Executive. Labels: Timed Model-based Program, Timed Control Program, Timed Plant Model, Control Sequencer, Deductive Controller, Mode Estimation, Mode Reconfiguration, System Clock, Configuration goals, State estimates, Commands, Observations, Plant]
Next Generation RMPL
• Tentatively called ROOMPL, for “Reactive, Object-Oriented Model-based Programming Language”.
Language Design Goals
• Surface / Syntax
– consistent, across plant and control specifications.
– analyzable, for static (i.e. pre-runtime) correctness.
• Below the Surface
– extensible – amenable to language experimentation by non-programming language experts.
• Long Term
– apply to general purpose programming domains.
– dynamic, reflective.
Plant Models
• instances of “primitive classes” are CCA’s (MPL components)
ROOMPL                MPL
primitive classes     components
primitive fields      observable variables
methods               control variables
references            dependent variables
Example: Engine models
Control Programs
• Instances of non-primitive classes are HCA’s
• Classes still have modes
• Goals established with try blocks
• Preemption at block level with watch (similar to RMPL when)
Implementation Notes
• Implementing language in OCaml
– has a bunch of language hacking tools.
• Initially, will generate MOF.
• Later, will use C interface to talk to current executive components.
Old Slides
Compiled Mode Estimation
• Dissents represent same model in a smaller theory.
• Off-line Operations
[Diagram: Model Compilation. Labels: System Model, Partial Diagnosis Rule Generator, Dissents, Conflicts, Partial Diagnosis Rules, Offline, Optimized Constraint Satisfaction; example dissents for (Press1 = nom) and (Thrust = on)]
• On-line Operations
[Diagram labels: Online, Discrete Observations, Continuous Observations, Monitors, Partial Diagnosis Trigger, Best-first Kernel Diagnosis Generator, Most Likely Diagnosis; candidate partial diagnoses shown with their probabilities]
Most Likely Diagnosis:
• Sensor = Stuck Low
• Valve = Closed
• Catalyst Bed = Good
[Diagram: RMPL Model-based Executive. Labels: Control Program, Sequencer, System Model, Configuration goals, State estimates, Mode Estimation, Mode Reconfiguration, Commands, Observations, Flight System Control, RT Control Layer]
Mode Estimation
• Mode estimation relies on:
– Commands
– Observations
– System Model
• Encoded as propositional logic with probabilistic transitions to determine the most likely state of the system.
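Added example (not part of the original slides, and not the group's code): one mode-estimation step for a single engine, using the modes, constraints, commands and 0.01 fault probability from the Engine Model slide. It enumerates modes directly instead of using the conflict-directed A* search named on the slides; the command arcs, the absorbing Failed mode and all Python names are assumptions made for illustration.

```python
# Added example (not from the slides): single-component mode estimation.
# Mode constraints and command labels are read off the Engine Model slide; the
# exact arc layout is an assumption, since the diagram survives only as labels.
ENGINE_MODES = {
    "Off":     {"thrust": "zero", "power_in": "zero"},
    "Standby": {"thrust": "zero", "power_in": "nominal"},
    "Firing":  {"thrust": "full", "power_in": "nominal"},
    "Failed":  {},  # fault mode: unconstrained, so consistent with anything
}
NOMINAL = {  # (current mode, command) -> commanded next mode (assumed arcs)
    ("Off", "standby-cmd"): "Standby",
    ("Standby", "fire-cmd"): "Firing",
    ("Standby", "off-cmd"): "Off",
    ("Firing", "standby-cmd"): "Standby",
}
P_FAIL = 0.01  # probability shown on the fault transitions


def predict(belief, command):
    """Push a belief {mode: probability} through the probabilistic transitions."""
    nxt = {}
    for mode, p in belief.items():
        if mode == "Failed":  # assumed absorbing: no repair arc is modelled here
            nxt["Failed"] = nxt.get("Failed", 0.0) + p
            continue
        target = NOMINAL.get((mode, command), mode)  # no matching arc: stay put
        nxt[target] = nxt.get(target, 0.0) + p * (1 - P_FAIL)
        nxt["Failed"] = nxt.get("Failed", 0.0) + p * P_FAIL
    return nxt


def consistent(mode, observation):
    """A mode survives if none of its constraints contradicts an observed value."""
    constraints = ENGINE_MODES[mode]
    return all(constraints.get(var, val) == val for var, val in observation.items())


def estimate(belief, command, observation):
    """One estimation step: predict, discard inconsistent modes, renormalise."""
    predicted = predict(belief, command)
    kept = {m: p for m, p in predicted.items() if consistent(m, observation)}
    total = sum(kept.values())
    return {m: p / total for m, p in kept.items()}


def most_likely(belief):
    """Return the mode with the highest probability."""
    return max(belief, key=belief.get)


if __name__ == "__main__":
    standby = {"Standby": 1.0}
    # Goal EngineA = Firing, but the observation is Thrust = 0 (the slide's example).
    print(estimate(standby, "fire-cmd", {"thrust": "zero"}))
    # Nominal case: full thrust observed after the fire command.
    print(estimate(standby, "fire-cmd", {"thrust": "full", "power_in": "nominal"}))
```

The unlikely Failed mode becomes the estimate only once the observation rules out every nominal mode; while a nominal mode still explains the sensors, it dominates at 0.99.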
[Diagram: Mode Estimator takes System Model, Commands and Observations and produces the Most Likely State Estimate]
[Diagram: OPSAT, Conflict-directed A* Search. Labels: Truth Maintenance System, Theory (Including Predicted State), Observations, Candidates, Best-first Agenda, Most Likely Candidate, Checked Solution, New Conflicts, Conflict Database, All Conflicts, Diagnosis]
Mode Reconfiguration (GI)
Hybrid Model-based Programming: Approach
• extend M-B Programming to include:
– assertion of discrete & continuous states
– conditional branching on discrete states, continuous states & time
• requires integration of engines for discrete state reconfiguration, and continuous control (e.g. spacecraft attitude control system)
• need both discrete & continuous state estimation capability
[Diagram: Hybrid Model-based Executive. Labels: Model-based Control Programs, Model-based Executive, Plant Model, Hybrid Mode Estimation, cont. & discrete state estimates, Discrete Controller, hardware config goals, Continuous Controller, attitude & position goals, S’, Obs, Cntrl, Plant, S]
Hybrid Mode Estimation
• failures can manifest themselves through coupling between a system’s continuous dynamics and its evolution through different behavior modes => must track over continuous state changes and discrete mode changes
• symptoms initially on the same scale as sensor/actuator noise => need to extract mode estimates from subtle symptoms
Hybrid Model
[Diagram: Hidden Markov Models. Modes m1, m2, m3 with transitions labelled 11, 12, 13, 21, 22, 23, 33]
[Equations: Continuous Dynamics. For each mode (m_1, …, m_i), a state equation of the form x_c(k+1) = f(x_c(k), u_c(k), v_c(k)) and an observation equation of the form y_c(k) = g(x_c(k), v_c(k)), with mode-specific subscripts]
Hybrid Mode Estimation tracks a set of trajectories
old estimate: X_{k-1} = {m_i, x_{k-1}}; X+_{k-1} = {m_j, x_{k-1}}; new estimate: X_k = {m_j, x_k}
[Diagram: Kalman Filter Bank and Mode Estimation. Labels: y_c(k), u_c(k-1), x_ci(k), P_i(k), X̂_k]
Plant Model Implementation
Physical plant modeled as Timed Concurrent Constraint Automata:
• variant of factored POSMDP (time continuous, but observations and decisions at discrete points)
[Diagram: Engine automaton. Modes: Off, Standby, Firing, Heating, Failed. Commands: cmd = standby, cmd = fire, cmd = off. Mode constraints: (power = off) AND (thrust = zero); (power = on) AND (thrust = zero) AND (temp = nominal); (power = on) AND (thrust = full) AND (temp = nominal); (power = on) AND (thrust = zero) AND (temp = increasing). Timing guard: tE >= 30 & tE <= 60]
[Diagram: Camera automaton. Modes: Inactive, Idle, TakingPicture, Failed. Commands: cmd = camOn, cmd = takePicture, cmd = camOff. Mode constraints: (power = off) AND (shutter = closed); (power = on) AND (shutter = closed); (power = on) AND (shutter = open). Timing guard: tC >= 0.1 & tC <= 0.2]
[Legend: constraints; guarded & timed probabilistic transitions; nominal modes; fault modes; modal rewards; plot of p(t) over t from 0.1 to 0.2, P = 99.9%]