
Using Run-Time Checking to Provide Safety and Progress for Distributed Cyber-Physical Systems


Presentation Transcript


  1. Using Run-Time Checking to Provide Safety and Progress for Distributed Cyber-Physical Systems. Stanley Bak, Fardin Abdi Taghi Abad, Zhenqi Huang, Marco Caccamo. Presenter: Renato Mancusu

  2. Distributed Coordination
  • Interconnected systems that physically affect each other
  • The state of each node is a function of the control inputs of other nodes, based on the system connection graph
  Images: http://geospatial.blogs.com/geospatial/2009/07/alternative-energy-green-nonemitting-clean-renewable-or-low-carbon-.html and http://www.thewatertreatments.com/water/distribution-system/

  3. Communication: An Essential Component
  • Unreliable communication
    • Unbounded message delays and drops
    • Impossible to achieve consensus in a lossy network
  • Communication faults can lead to a violation of safety
  • Distributed systems rely on communication for
    • Reaching the desired state
    • Functionality and stability

  4. Limits of Distributed Coordination
  • One approach: use middleware that provides guarantees on communication and latency; if the guarantees cannot be met, an error is raised to the high-level logic
  • Problem: scalability
  Image: “A Swarm of NanoQuadrotors”, UPENN, http://www.youtube.com/watch?v=YQIMGV5vtd4

  5. Paper Goals
  • Goal: examine the fundamental requirements for safety in distributed systems with unreliable communication
    • Safety: a global invariant (for example, collisions are avoided)
  • Goal: provide a mechanism for safe progress if the communication works adequately well
    • Progress: all distributed agents follow the same goal
  Image: “A Swarm of NanoQuadrotors”, UPENN, http://www.youtube.com/watch?v=YQIMGV5vtd4

  6. Safety Theorem
  • A coordinating distributed system is safe under unreliable communication (arbitrary delays, unbounded packet loss) if and only if both:
    • Condition 1: the system is safe if no communication takes place
    • Condition 2: for each message m that is received by any node, the system remains safe if no other messages are ever received after m
  • Proof intuition: formal details are in the paper

  7. Runtime Checking
  • Condition 2 is difficult to check ahead of time, since it is quantified over every message
    • “Condition 2: for each message m that is received, the system remains safe if no other messages are ever received after m”
  • To build a usable system from this result, we check this condition at runtime and drop messages that violate it
  • Of course, dropping messages impacts progress; progress is addressed by the second goal of the paper

  8. Proposed Architecture
  • Perform a safety test on each command (check condition 2)
  • Safe commands pass; unsafe commands are filtered

  9. Safe Progress Progress depends on the notion of compatible actions. These are actions which all agents can take that are globally safe. When put together, compatible action chains allow for global progress towards a goal. The rate of progress depends on the quality of the communication channel.

  10. Example System
  • A flock of vehicles moves along a path with fixed offsets
  • The user can input “detour points”, which redirect the motion of the flock
  • Collisions must always be avoided
  • Detour points should be reached, communication permitting

  11. Non-Compatible Actions
  • A new waypoint for the flock is entered
  • A collision may occur due to a communication fault
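As an added illustration (not the paper's StarL code), a small Python model of the runtime filter from slides 7 and 8 applied to the flock of slides 10 and 11: vehicles drive along a line at a fixed speed toward their last received target (all values constructed), a command is accepted only if the flock stays collision-free when no further messages arrive, and the iterative leader-then-follower ordering is accepted where the single large jump for a follower is dropped.

```python
"""Runtime safety filter for a 1-D flock (constructed example).
Each vehicle moves toward its last received target.  A message that
sets a new target is accepted only if the flock stays collision-free
when NO further messages arrive (condition 2 of the safety theorem)."""
import itertools

D_MIN = 1.0    # minimum allowed separation between vehicles (assumed)
HORIZON = 50   # steps simulated; enough for every vehicle to reach its target (assumed)
SPEED = 0.5    # distance covered per step (assumed)

def step(pos, targets):
    """One time step: every vehicle moves toward its own target."""
    return [p + max(-SPEED, min(SPEED, t - p)) for p, t in zip(pos, targets)]

def safe_without_comm(pos, targets):
    """Simulate with no further messages; True if the minimum pairwise
    distance never drops below D_MIN (this is the check behind condition 2,
    and with the initial targets it is also condition 1)."""
    cur = list(pos)
    for _ in range(HORIZON):
        cur = step(cur, targets)
        if any(abs(a - b) < D_MIN for a, b in itertools.combinations(cur, 2)):
            return False
    return True

def filter_message(pos, targets, vehicle, new_target):
    """Safety test of slide 8: return (targets after the message, accepted).
    An unsafe command is dropped and the old targets are kept."""
    candidate = list(targets)
    candidate[vehicle] = new_target
    if safe_without_comm(pos, candidate):
        return candidate, True
    return list(targets), False

def demo():
    """Leader at 0, follower at 2 (fixed offset 2); the operator wants the
    flock moved to -5 / -3.  Returns the three accept/drop decisions."""
    pos, targets = [0.0, 2.0], [0.0, 2.0]
    # Non-compatible action: the follower gets its new target while the
    # leader's message may never arrive, so it would drive through the leader.
    _, ok_bad = filter_message(pos, targets, 1, -3.0)
    # Compatible ordering: move the leader away first, then the follower.
    targets, ok_leader = filter_message(pos, targets, 0, -5.0)
    targets, ok_follower = filter_message(pos, targets, 1, -3.0)
    return ok_bad, ok_leader, ok_follower

if __name__ == "__main__":
    print(demo())  # (False, True, True)
```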

  12–18. Compatible Actions – Iteratively Approach Goal (seven animation frames of the same slide)

  19. Compatible Actions are Robust to Communication Failures

  20. Animation captions, in sequence: New detour point entered by operator → Desired final path generated for the flock → Paths generated for all the followers → Paths sent to followers! → Tractor 1 did not receive the path → Tractor 1 did not receive the new path, but safety is maintained!

  21. Vehicle Flocking Application
  • We created the vehicle flocking system within StarL, a Java-based environment for testing vehicle flocking algorithms
  • StarL code can be run on a Roomba flock at UIUC, or in the built-in simulator
  • Communication effects (time, packet loss) can be simulated and have been evaluated in the paper
  Video: https://www.youtube.com/watch?v=dIGU8OTfCh8

  22. Vehicle Flocking Measurement: we measured the effect of packet loss and vehicle count on convergence time and the number of messages sent

  23. Future Extensions
  • Replace runtime reachability checks with ahead-of-time computation
  • Propose a progress framework where commands do not originate from a centralized coordinator
  • Implementation on a large swarm of robots

  24. Review
  • Provide fundamental requirements for safety in distributed systems with unreliable communication
  • Provide a mechanism for safe progress, if the communication works adequately well
  • Evaluate the proposed techniques on a vehicle flocking scenario