Italian Workshop on Embedded Systems Siena, Italy, September 13-14 2018 A safety-oriented engineering process for autonomous robotic systems Fabio Federici, Giulio Mosé Mancuso Created at UTRC-ALES UTC PROPRIETARY - This document contains no USA or EU export controlled technical data.
Overview UTC: BU needs and supporting capabilities Certification issues Proposed design flow Technology Evaluation Open points UTC PROPRIETARY – This page does not contain any export controlled technical data
UTC and intelligent systems UTC Business Units UTC Aerospace Systems UTC Climate, Controls and Security Pratt & Whitney OTIS Actuation & Propeller Systems Commercial and Military Aircraft Intelligent building Technologies Elevators Air Management Systems Heating & Cooling Engines Escalators Landing Systems Fire Safety & Security Auxiliary Power Units Moving Walkways Electric Systems Helicopter Engines Refrigeration Engine Systems Sensors & Integrated Systems Use Cases Inspection Assembly Manipulation Grinding Autonomous Deburring Welding Mapping Transportation 3D Dense Visual Capabilities Perception Reconstruction Mapping Inspection Autonomous Activity Navigation Manipulation Exploration Prediction UTC PROPRIETARY – This page does not contain any export controlled technical data
Focus area Higher-level control platform COTS robotic platform User/Base Platform Low-level Control User Application Application Software OS / Middleware / OS / Middleware OS / Middleware Middleware interface Personal Computer HW Platform HW Platform Sensors Sensors Actuators Robot Frame Environment Example Flight Ground High-level Controller/ Control Controller Quadcopter Station Frame UTC PROPRIETARY – This page does not contain any export controlled technical data
Relevant standards Safety related certification IEC 61508: Functional safety of Electrical/Electronic/Programmable Electronic Safety-related Systems SAE ARP 4765A: Guidelines For Development Of Civil Aircraft and Systems RTCA DO 254 RTCA DO 178C ISO 10218-1: Safety requirements for industrial robots - Part 1: Robots ISO 10218-2: Safety requirements for industrial robots -- Part 2: Robot systems and integration ISO 13482: Safety requirements for personal care robots UTC PROPRIETARY – This page does not contain any export controlled technical data
Design and verification flow MIL SIL VPIL Feature Requirements VALIDATION Concept Development PLATFORM FUNCTION INTEGRATION & HAZARD LEVEL TEST ANALYSIS System Requirements RobMoSys Development/Modeling SYSTEM SYSTEM INTEGRATION & PRELIMINARY System Architecture LEVEL VALIDATION TEST SYSTEM SAFETY CARVE ASSESSMENT, Model Development CCA ITEM INTEGRATION & (CONTRACT TEST BASED DESIGN) MODULE REQUIREMENTS HW-SW LEVEL INTEGRATION SW-SW INTEGRATION HW/SW PRELIMINARY DESIGN MODULE SAFETY PLATFORM REQUIREMENTS & ASSESSMENT, CCA ARCHITECTURE (MODEL) DESIGN CODING LOW-LEVEL FLOW TESTING DEPLOYEMENT IMPLEMENTATION (PHYSICAL) UTC PROPRIETARY – This page does not contain any export controlled technical data
HW/SW Platform Design Flow Functions Fault Hazard Analysis Validation System Safety Requirements Specification Testing Hardware Safety Software Safety Requirement Requirement Specification Specification Integration Testing System Architecture Specification/Design HW/SW Hardware Software Integration Architecture Architecture Testing Architectural Hardware Software Patterns Module Design Design Integration Testing Safety Cases Re-use (Platform, Kernel, Fault Domains) Module Module Design Testing Module Development UTC PROPRIETARY – This page does not contain any export controlled technical data
Robotics Architecture Design Patterns DELIBERATIVE MISSION LAYER → TASK SEQUENCING CARVE: use of ? ? LAYER behavior trees SKILL SERVICE FUNCTION SKILL EXECUTION LAYER CONTAINER Internal OS/MIDDLEWARE research investigation HARDWARE UTC PROPRIETARY – This page does not contain any export controlled technical data
Development of HW/SW Platform Mission Layer I/O Server Task/Skill Layer Task Layer Robotic Robotic Middleware/ Robotic Middleware Middleware/ Bridge Health Bridge Monitoring RTOS RTOS General Purpose OS Functions Hypervisor GPU Multicore CPU FPGA I/O Interfaces Current collaborations: UTC PROPRIETARY – This page does not contain any export controlled technical data
Heterogeneous platforms Goal: use of COTS heterogeneous devices Low-cost GPU FPGA Short time to market Multicore CPU Problems: Sophisticated (obfuscated) components I/O Interfaces Greater complexity Resource sharing potentially jeopardizing safety TARGET PLATFORMS NVIDIA Jetson TX2 System-on-Module Zynq UltraScale+ MPSoC Quad-core ARM Cortex A-57 Quad-core ARM Cortex A-53 Dual-core NVidia Denver 2 Dual-core ARM Cortex-R5 NVidia Pascal GPU w. 256 CUDA cores ARM Mali 400 MP2 GPU 16 nm FinFET+ Programmable Logic UTC PROPRIETARY – This page does not contain any export controlled technical data
Need for efficient middlewares Pros: Widely adopted Open-source, meta-operating system for Large community robots Hardware abstraction, Out of the box support for devices Low-level device control, Algorithms & Libraries Commonly-used functionality, Message-passing between processes, Cons: Package management. Lack of determinism Not well fit for safety critical systems Pros: Real-time, deterministic Support for multiple communication Fork of ROS based on the Data middlewares Distribution Service (DDS). Compatibility with ROS DDS is suitable for real-time distributed embedded systems due to its various Cons: Maturity level transport configurations (e.g., deadline and fault-tolerance) and scalability. Adoption UTC PROPRIETARY – This page does not contain any export controlled technical data
Jailhouse partitioning hypervisor Jailhouse: Linux Kernel Partitioning Hypervisor based on Linux. CPU CPU CPU CPU Able to run bare-metal applications or (adapted) operating systems. Originally developed by Siemens Linux Kernel Init Released as Free Software (GPLv2) since November 2013 Jailhouse CPU CPU CPU CPU Pros: Linux Kernel Native support for the Linux kernel Jailhouse Low latencies, good performance CPU CPU CPU CPU Open Source (GPL v2) Root Cell Ported on several embedded platforms (Xilinx Zynq, Nvidia Jetson TX1/TX2) Linux Kernel RTOS Limitations: Jailhouse System boot depends on the Linux Kernel CPU CPU CPU CPU No partition scheduling, only static resource assignment Root Cell Limited maturity UTC PROPRIETARY – This page does not contain any export controlled technical data
Ongoing activity on demo Platform Root cell running ROS executed on the Denver Cluster GPU accelerated ICP: ICP KinectFusion algorithm Around 108 Hz execution speed IO Management/ ROS Control app Linux RT-Linux Jailhouse Nvidia Denver 2 ARM Cortex-A57 ARM Cortex-A57 Nvidia Denver 2 ARM Cortex-A57 ARM Cortex-A57 Pascal GPU NVIDIA Jetson TX2 UTC PROPRIETARY – This page does not contain any export controlled technical data
Summary and Open Points Activities Definition of a safety oriented flow for robotics systems Analysis and design of a robotic hardware/software architecture Assessment of open-source technologies TODOs & Open points Consolidation of MBD flow Bringing in RobMoSys approach Additional isolation mechanism to be introduced in Jailhouse Long-term need: mature, certifiable hypervisor Verification UTC PROPRIETARY – This page does not contain any export controlled technical data
Questions? UTC PROPRIETARY – This page does not contain any export controlled technical data
Recommend
More recommend
