SLIDE 1 Distributed Control Lab
- A component-based application
Overview Architecture Experiments
SLIDE 2 Outline
- Motivation
- The Distributed Control Lab (DCL) Architecture
- Foucault's Pendulum Details
  – Hardware / Software Architecture
  – Control Algorithms
- “Hau den Lukas”
  – Hardware Architecture
  – Control Software
- Additional Experiments
- Malicious Code Problem / Solutions
SLIDE 3
Motivation
- Online access to physical experiments over the Web
- Test-bed for interconnected middleware components and embedded systems
- Reach predictable system behaviour in unstable environments
- Study techniques to prevent malicious code from damaging physical equipment
- Foucault's Pendulum demonstrates the use of dynamic reconfiguration for online replacement of user control
SLIDE 4
Distributed Control Lab
- 2001 project start at Hasso-Plattner-Institute
- Practice of writing control algorithms for real-time control problems
- Study of system predictability, availability and security in the context of middleware-based dynamic control systems
- Extensible architecture for hosting physical control experiments
- Investigation of algorithms for user code observation and replacement of control components
- Experiment: physical installation and specific control software
SLIDE 5
The Distributed Control Lab
SLIDE 6 Distributed Control Lab (V2) Architecture
[Component diagram: Admin and User clients connect to the DCL Frontend and the SOAP Frontend; behind them sit the Experiment Manager (Ticket Service, Job Queue, Tickets, Users), the Result Manager (Job Results) and the Experiment Controller; each Experiment Controller talks via SOAP to an Experiment Service; DISCOURSE users are also connected.]
SLIDE 7 DCL Messaging Protocols
[Tier diagram, top to bottom:]
- Client: Web browser, http/html to an ASP.NET page
- IIS ASP.NET Web/Application Server: DCL Web Service (SOAP); DBMS access via ODBC
- IIS ASP.NET Web/Application Server: DCL Experiment-/Result Manager (.NET Remoting service)
- DCL Experiment Controller (.NET Remoting service)
- Embedded Control Device (RT-Linux PC, BrickOS, ...) reached via TCP/IP or IrDA
- Protocols in the figure: SOAP, .NET Remoting, ODBC, TCP/IP, IrDA
SLIDE 8
SLIDE 9 Problem : Malicious Code
- Investigation of solutions for malicious code detection
  – Source code analysis
  – Experiment-specific languages / language limitations
  – .NET code access security
  – Simulation before execution on the physical experiment
  – Analytic redundancy
- Online observation of user programs
- Replacement of user programs before an uncontrollable state is reached
- Dynamic reconfiguration of the component-based control application
- Monitoring of environmental settings and component states
SLIDE 10 Foucault’s Pendulum
- First installation 1848 by Leon Foucault in the Pantheon in Paris
- Demonstrates the earth's rotation
- Today many installations, including one in the UN building in New York
- Problem: the pendulum must be kept swinging
- Solution: an electromagnet under an iron ball
- Experiment: find the best control algorithm to keep the pendulum swinging
  – Using minimum energy
  – Reaching the highest amplitude
SLIDE 11
SLIDE 12
SLIDE 13
SLIDE 14 Pendulum Control – detailed
[Block diagram: light sensor and electromagnet are attached to a Cypress EZ-USB controller with 4 KByte FIFO memory (read/write, half-full flag); 64 byte I/O request packets cross the kernel-mode/user-mode boundary through the operating system I/O layer (ReadFile()/WriteFile()); in user mode a Binary Reader (filter, smooth, event creation) and a Binary Writer (binary stream generation) connect the USB host controller to the User Controller, the Safety Controller (fed by Event Duplication) and the Configuration Manager.]
- Laser light barriers sampled into 4 KByte FIFO memories at 23.4 kHz
- USB controller checks the half-full flag
- 64 byte blocks of data transferred via USB 1.1
- Real-time OS threads process incoming signals / produce the outgoing bit stream
SLIDE 15
Pendulum-API : Control Event
    public class ControlEvent
    {
        public int nr;          // sensor or actuator identifier
        public int state;       // actuator: 1 ON, 0 OFF
                                // light barrier: 1 light -> dark, 0 dark -> light
        public long timestamp;  // global time stamp

        // constructor used by the example control code: (timestamp, nr, state)
        public ControlEvent(long timestamp, int nr, int state)
        {
            this.timestamp = timestamp;
            this.nr = nr;
            this.state = state;
        }
    }
SLIDE 16
Pendulum-API : Interface
    public interface Pendulum
    {
        // Dequeue the next event;
        // blocks if no event is present until the next event occurs
        ControlEvent GetNext();

        // Queue the next event to switch the energy (magnet) on / off
        bool SendEvent(ControlEvent input);

        // Get the global time stamp, 1 microsecond logical resolution
        long GetTime();
    }
SLIDE 17
Pendulum: Example Control Code
    // pendel: the Pendulum interface of the driver component
    while (true)
    {
        // get next event
        ControlEvent ev = pendel.GetNext();
        if (ev.state == 1)   // pendulum enters light barrier
        {
            // switch magnet on (1 ms after the barrier event)
            pendel.SendEvent(new ControlEvent(ev.timestamp + 1000, 0, 1));
            // switch it off after 5 ms
            pendel.SendEvent(new ControlEvent(ev.timestamp + 6000, 0, 0));
        }
    }
SLIDE 18 Pendulum Control Process Generation
[Diagram: the user's control code is inserted into a generated user control class (configuration code + control code), compiled, and the resulting program is sent to the DCL: generate user control class → insert user control code → compile → send to DCL]

Control code supplied by the user:

    while (true)
    {
        // get next event
        ControlEvent ev = pendel.GetNext();
        if (ev.state == 1)   // pendulum enters light barrier
        {
            // switch magnet on
            pendel.SendEvent(new ControlEvent(ev.timestamp + 1000, 0, 1));
            // switch it off after 5 ms
            pendel.SendEvent(new ControlEvent(ev.timestamp + 6000, 0, 0));
        }
    }

Generated user control class into which the control code is inserted before compilation:

    public class UserControl
    {
        public static void Main(string[] args)
        {
            // user control code is inserted here
        }
    }
SLIDE 19 Pendulum : Increase of amplitude
1. Get the current oscillation time Toz (time for a full
2. Get the current time the ball covers the light barrier Ts (indicates speed)
3. If the ball enters the light barrier:
   1. Queue Enable Magnet event at Tcurrent + Toz/4
   2. Queue Disable Magnet event at Tcurrent + Toz/2 + Ts/2 – Tmf
      (Tmf – duration of magnetic field shut down)
4. Repeat steps 1-4
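The following is an added example and not code from the DCL project: it implements the four steps above against the Pendulum interface and ControlEvent class of the Pendulum-API slides, with a constructed stand-in for the driver so it runs on a PC. Assumptions are labelled in the comments: the three-argument ControlEvent constructor, sensor 0 for the light barrier and actuator 0 for the magnet, a light barrier at the rest position (so Toz is twice the time between consecutive passes), and a Tmf value the operator has measured.

```csharp
using System;
using System.Collections.Generic;

// Types from the Pendulum-API slides; the constructor is assumed (it is what the
// example control code on slide 17 calls).
public class ControlEvent
{
    public int nr;          // sensor or actuator identifier
    public int state;       // actuator: 1 ON / 0 OFF; light barrier: 1 light->dark / 0 dark->light
    public long timestamp;  // global time stamp, 1 microsecond resolution
    public ControlEvent(long timestamp, int nr, int state)
    { this.timestamp = timestamp; this.nr = nr; this.state = state; }
}

public interface Pendulum
{
    ControlEvent GetNext();               // dequeue next event (blocks in the real driver)
    bool SendEvent(ControlEvent input);   // queue an actuator event
    long GetTime();                       // global time stamp
}

// Steps 1-4 of the "Increase of amplitude" slide. Assumed identifiers: the light
// barrier is sensor 0, the magnet is actuator 0. Assumed geometry: the barrier sits
// at the rest position, so consecutive passes are half an oscillation apart.
public class AmplitudeController
{
    const int LightBarrier = 0, Magnet = 0;
    readonly long tmf;                 // Tmf: field shutdown time in microseconds (operator-measured)
    long lastEnter = -1;               // timestamp of the last light->dark event
    long toz = -1, ts = -1;            // Toz: oscillation time; Ts: time the ball covers the barrier

    public AmplitudeController(long tmfMicroseconds) { tmf = tmfMicroseconds; }

    // Processes one event; returns the number of magnet events queued (0 or 2).
    public int OnEvent(ControlEvent ev, Pendulum pendel)
    {
        if (ev.nr != LightBarrier) return 0;
        if (ev.state == 0)                                        // ball leaves the barrier
        {
            if (lastEnter >= 0) ts = ev.timestamp - lastEnter;    // step 2
            return 0;
        }
        if (lastEnter >= 0) toz = 2 * (ev.timestamp - lastEnter); // step 1
        lastEnter = ev.timestamp;
        if (toz <= 0 || ts <= 0) return 0;                        // not calibrated yet: no energy input
        long tcurrent = ev.timestamp;                             // step 3: ball enters the barrier
        long on  = tcurrent + toz / 4;                            // 3.1 enable at the turning point
        long off = tcurrent + toz / 2 + ts / 2 - tmf;             // 3.2 disable before the ball is back
        if (off <= on) return 0;                                  // sanity check: never an OFF before its ON
        pendel.SendEvent(new ControlEvent(on, Magnet, 1));
        pendel.SendEvent(new ControlEvent(off, Magnet, 0));
        return 2;
    }

    // Step 4: repeat. The real driver's GetNext() blocks and never returns null;
    // the simulated driver below returns null when its replay is exhausted.
    public void Run(Pendulum pendel)
    {
        ControlEvent ev;
        while ((ev = pendel.GetNext()) != null) OnEvent(ev, pendel);
    }
}

// Constructed stand-in for the driver: replays light-barrier events of a pendulum
// with a fixed period and records the actuator events it is sent.
public class SimulatedPendulum : Pendulum
{
    readonly Queue<ControlEvent> replay = new Queue<ControlEvent>();
    public readonly List<ControlEvent> Sent = new List<ControlEvent>();
    long now;

    public SimulatedPendulum(int passes, long halfPeriodUs, long coverUs)
    {
        for (int i = 0; i < passes; i++)
        {
            replay.Enqueue(new ControlEvent(i * halfPeriodUs, 0, 1));            // light -> dark
            replay.Enqueue(new ControlEvent(i * halfPeriodUs + coverUs, 0, 0));  // dark -> light
        }
    }
    public ControlEvent GetNext()
    {
        if (replay.Count == 0) return null;
        ControlEvent ev = replay.Dequeue(); now = ev.timestamp; return ev;
    }
    public bool SendEvent(ControlEvent input) { Sent.Add(input); return true; }
    public long GetTime() { return now; }
}

public static class Demo
{
    public static void Main()
    {
        // constructed run: 3 s period (1.5 s between passes), 20 ms in the barrier, 2 ms field shutdown
        var pendel = new SimulatedPendulum(passes: 4, halfPeriodUs: 1500000, coverUs: 20000);
        new AmplitudeController(tmfMicroseconds: 2000).Run(pendel);
        foreach (ControlEvent e in pendel.Sent)
            Console.WriteLine("magnet " + (e.state == 1 ? "ON " : "OFF") + " at " + e.timestamp + " us");
    }
}
```

The first pass only calibrates Ts, the second pass yields Toz, and from then on every entry into the barrier queues one ON/OFF pair; the guard against an OFF timestamp earlier than its ON is the kind of check the safety controller of the later slides would also enforce on a user program's output.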
SLIDE 20 Code Access Security (CAS) in .NET
- Supplements operating system security mechanisms
- Trust in assemblies varies depending on origin and publisher
- Based on evidence of assemblies
  – Application directory
  – Strong name
  – URL
  – Signature
- Permissions restrict access to system resources
- DCL: configuration of usable class library classes
SLIDE 21 Code Access Permissions
- Represent access to a protected resource or the ability to perform a protected operation
- Permission classes: Environment Variables, File Dialog, File I/O, Isolated Storage File, Reflection, Registry, Security, User Interface, DNS, Printing, Event Log, Socket Access, Web Access, Performance Counter, Directory Services, Message Queue, Service Controller, SQL Client
SLIDE 22 Evidence Based Security
- Assembly evidence is matched against code groups to gain permissions
- A code group consists of
  – Membership condition
  – Set of code access permissions
- Security policies contain code groups that map assemblies to permissions
- Policy levels in .NET: Enterprise, Machine, User, Application Domain
- Policy evaluation: top-down
SLIDE 23 .NET Security in the Pendulum Experiment
- A code group in the machine policy applies only to the usercode.exe assembly
  – A custom permission set is assigned to the code group
- No permissions, except:
  – Execution permission
  – Access to the driver component via .NET Remoting: localhost, one specified socket, one URI
  – File I/O in the local directory
- Security exception if any restriction is violated
  – Check required permissions before code execution
  – .NET attributes
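An added example, not the DCL project's policy configuration, showing the permission set this slide describes built with the .NET Framework 1.1/2.0 Code Access Security API (System.Security.Permissions; CAS policy is deprecated since .NET Framework 4 and absent from .NET Core/.NET 5+). The driver port 8080 and the directory C:\dcl\usercode are placeholders. The block shows both the imperative check (Demand) and the declarative attribute form named on the slide, and uses PermitOnly on the current stack to reproduce what the machine-policy code group does to usercode.exe.

```csharp
using System;
using System.Net;
using System.Security;
using System.Security.Permissions;

public static class UserCodeSandbox
{
    // Builds the custom permission set of the slide: nothing except execution,
    // one TCP socket on localhost for the driver, and file I/O in the local directory.
    public static PermissionSet BuildUserCodePermissions(int driverPort, string localDir)
    {
        var set = new PermissionSet(PermissionState.None);
        set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        set.AddPermission(new SocketPermission(NetworkAccess.Connect, TransportType.Tcp,
                                               "localhost", driverPort));
        set.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.Write,
                                               localDir));
        return set;
    }

    // Imperative check before code execution: Demand() walks the call stack and
    // throws SecurityException when the permission is not granted to every frame
    // (or has been restricted away by PermitOnly).
    public static bool IsGranted(IPermission required)
    {
        try { required.Demand(); return true; }
        catch (SecurityException) { return false; }
    }
}

public class UserControl
{
    // Declarative check (".NET attributes" on the slide): the runtime demands read
    // access to the placeholder directory before the method body runs.
    [FileIOPermission(SecurityAction.Demand, Read = @"C:\dcl\usercode")]
    public static void ReadConfiguration() { /* read the experiment configuration */ }

    public static void Main()
    {
        PermissionSet set = UserCodeSandbox.BuildUserCodePermissions(8080, @"C:\dcl\usercode");
        // Everything called from here on is limited to the set, as usercode.exe is
        // by the machine-policy code group.
        set.PermitOnly();
        bool driverSocket = UserCodeSandbox.IsGranted(
            new SocketPermission(NetworkAccess.Connect, TransportType.Tcp, "localhost", 8080));
        bool registryRead = UserCodeSandbox.IsGranted(
            new RegistryPermission(RegistryPermissionAccess.Read, @"HKEY_LOCAL_MACHINE\SOFTWARE"));
        bool foreignSocket = UserCodeSandbox.IsGranted(
            new SocketPermission(NetworkAccess.Connect, TransportType.Tcp, "example.org", 80));
        CodeAccessPermission.RevertPermitOnly();   // lift the restriction again before writing output
        Console.WriteLine("driver socket on localhost: " + driverSocket);
        Console.WriteLine("registry read:              " + registryRead);
        Console.WriteLine("socket to another host:     " + foreignSocket);
    }
}
```

Under PermitOnly the localhost socket demand is a subset of the granted set and passes, while the registry demand and the socket to another host are refused with SecurityException, which is the behaviour the slide's "security exception if any restriction is violated" item refers to.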
SLIDE 24 Pendulum Experiment Dynamic Properties
- Code Access Security provides a safe environment for execution of foreign code
- There are still dynamic properties of the experiment that cannot be handled by CAS
  – Expiration of available execution time (fairness)
  – Expiration of available energy
  – Overheating of the coil
  – The pendulum falls below a critical amplitude (energy), so it cannot be kept swinging
  – Unexpected termination of user programs
  – Exaggerated use of memory
SLIDE 25 Our Approach : Dynamic Reconfiguration as safe-guard mechanism
- Mapping of profiles to application configurations based on environmental conditions and component states
- Selection of the application configuration according to the conditions provides the best service for a given situation
- Definition of
  – observers: monitoring of environmental settings and component states
  – profiles: mapping of environmental conditions to application configurations
  – configurations of component-based applications
- Online monitoring of environment and components
- Change of application configuration using dynamic reconfiguration if required (changed conditions)
SLIDE 26
Configuration Creator Tool
SLIDE 27 Pendulum Experiment Control Configurations
[Three component diagrams; each starts at the USB driver with event queuing and is built from the blocks Safety Controller, User Program and Event Duplicator:]
- Configuration 1: safety controller
- Configuration 2: user program (cold standby)
- Configuration 3: user program (warm standby), with an event duplicator feeding the user program and the safety controller
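An added example, not DCL project code, of the observer / profile / configuration scheme from the "Dynamic Reconfiguration" slide, using the three configurations of the slide above as the selectable targets and the dangerous conditions from the "Dynamic Properties" slide as profile conditions. The observed quantities, their thresholds and the sample values are constructed; the real system would swap components where this model only records the transition.

```csharp
using System;
using System.Collections.Generic;

// Observer output: environmental settings and component states (assumed quantities).
public class ObservedState
{
    public bool UserProgramAlive;     // component state
    public double CoilTemperatureC;   // environmental setting
    public double Amplitude;          // pendulum amplitude, arbitrary units
    public double EnergyBudget;       // remaining energy for this run, arbitrary units
}

// The three configurations of the "Control Configurations" slide.
public enum Configuration { SafetyController, UserProgramColdStandby, UserProgramWarmStandby }

// A profile maps a condition on the observed state to an application configuration.
public class Profile
{
    public readonly string Name;
    public readonly Func<ObservedState, bool> Condition;
    public readonly Configuration Target;
    public Profile(string name, Func<ObservedState, bool> condition, Configuration target)
    { Name = name; Condition = condition; Target = target; }
}

// Selects the configuration for the current conditions and reconfigures on change.
public class ReconfigurationManager
{
    readonly List<Profile> profiles;         // ordered: the first matching profile wins
    public Configuration Current { get; private set; }
    public readonly List<string> Log = new List<string>();

    public ReconfigurationManager(List<Profile> profiles, Configuration initial)
    { this.profiles = profiles; Current = initial; }

    // Called with every observer sample; returns true when a reconfiguration was triggered.
    public bool Observe(ObservedState s)
    {
        foreach (Profile p in profiles)
        {
            if (!p.Condition(s)) continue;
            if (p.Target == Current) return false;   // conditions changed, but the best configuration did not
            Log.Add(Current + " -> " + p.Target + " (" + p.Name + ")");
            Current = p.Target;                      // the real system swaps components here
            return true;
        }
        return false;
    }
}

public static class Demo
{
    // Constructed thresholds; safety profiles come first so they take precedence.
    public static List<Profile> PendulumProfiles()
    {
        return new List<Profile>
        {
            new Profile("coil overheating",   s => s.CoilTemperatureC > 70.0, Configuration.SafetyController),
            new Profile("energy exhausted",   s => s.EnergyBudget <= 0.0,     Configuration.SafetyController),
            new Profile("amplitude critical", s => s.Amplitude < 0.2,         Configuration.SafetyController),
            new Profile("user program died",  s => !s.UserProgramAlive,       Configuration.SafetyController),
            new Profile("normal operation",   s => true,                      Configuration.UserProgramWarmStandby)
        };
    }

    public static void Main()
    {
        var mgr = new ReconfigurationManager(PendulumProfiles(), Configuration.SafetyController);
        var samples = new[]   // constructed observer samples
        {
            new ObservedState { UserProgramAlive = true,  CoilTemperatureC = 40, Amplitude = 1.0, EnergyBudget = 100 },
            new ObservedState { UserProgramAlive = true,  CoilTemperatureC = 45, Amplitude = 1.1, EnergyBudget = 90 },
            new ObservedState { UserProgramAlive = false, CoilTemperatureC = 45, Amplitude = 1.1, EnergyBudget = 85 }, // abnormal termination
            new ObservedState { UserProgramAlive = true,  CoilTemperatureC = 80, Amplitude = 1.0, EnergyBudget = 80 }  // overheating
        };
        foreach (ObservedState s in samples) mgr.Observe(s);
        foreach (string line in mgr.Log) Console.WriteLine(line);
    }
}
```

The ordering of the profile list is the policy: every condition CAS cannot express (coil temperature, energy, amplitude, liveness of the user program) is checked before the default profile, so a user program that terminates abnormally hands control back to the safety controller on the next observer sample, which is the case measured on the "Abnormal Termination of User Program" slide. Whether the user program runs with a cold or a warm standby is a profile decision the constructed list leaves at warm standby.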
SLIDE 28
Measurements:
Abnormal Termination of User Program
SLIDE 29 „Higher Striker“ – „Hau den Lukas“
- Similar hardware to the pendulum experiment
  – Parallel I/O / 38 kHz sample rate / 256 byte buffer
- Use of a real-time OS
  – Smaller buffers, higher sampling frequency
  – Short control delay
  – COTS x86 PC: Intel Celeron 633 MHz, 128 MB RAM (max 64 MB usable), 10 Mbit/s LAN (NE2000 PCI)
- Combination of non-RT .NET and RT application
- CE-PC: Windows CE .NET 4.2
SLIDE 30
SLIDE 31 “Higher Striker” - Architecture
[Block diagram: the CE-PC drives the experiment over parallel port I/O (A/D transformation, FIFO memory, optical signal generator, light barriers, switch power); a Platform Builder / debug host downloads the OS image and compiled user control algorithms and handles debugging; the .NET DCL Controller PC receives the user code from the DCL.]
SLIDE 32
„Higher Striker“ Minimal Program

    INITIALIZE;
    do {
        READ();
        WRITE(buffer);
        GETSTATUS();
        if (EMPTY_FLAG_LS)
            Sleep(1);
    } while (!EOF(buffer));
SLIDE 33
Controlling the Experiment
- Abstract from direct hardware programming
- Provide a higher-level API to the experiment
- 2 possible control scenarios:
  – Calculation before runtime, analysis of the result after experiment execution for the next run
  – Calculation of control signals during runtime – hard deadlines
- Investigation of various operating systems: .NET Compact Framework and real time
SLIDE 34
„Higher Striker“ - Event List - API
- Definition before runtime
- Transformation into byte stream before runtime
- Simple checks possible (temperature of magnet)
- Generation of event list after runtime for analysis for next experiment runs
- Not flexible – but simple to implement

Example event list (time;value pairs):
    0;1; 10;0; 20;2; 25;0; 50;4; 80;0;
Resulting byte stream:
    1111111111000000000
    0222220000000000000
    0000000000000000888
    8888888888888888888
    8888880000000000000
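An added example, not the Higher Striker project's code: a parser for the time;value event list of the slide, its expansion into the byte stream replayed through the parallel port, and one of the "simple checks possible before runtime" (bounding the magnet on-time, which is what limits coil temperature). Assumptions, labelled in the comments: one stream byte per sample at the 38 kHz rate of slide 29, each entry's value holds until the next entry, the value is a bit mask in which one assumed bit drives the magnet, and the on-time limit is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Text;

public struct ListEvent { public int Time; public byte Value; }

public static class EventList
{
    // Parses "0;1; 10;0; 20;2;" into (time, value) pairs; times must be increasing.
    public static List<ListEvent> Parse(string text)
    {
        string[] fields = text.Split(new[] { ';', ' ', '\t', '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries);
        if (fields.Length % 2 != 0) throw new FormatException("event list needs time;value pairs");
        var events = new List<ListEvent>();
        int lastTime = -1;
        for (int i = 0; i < fields.Length; i += 2)
        {
            int time = int.Parse(fields[i], CultureInfo.InvariantCulture);
            byte value = byte.Parse(fields[i + 1], CultureInfo.InvariantCulture);
            if (time <= lastTime) throw new FormatException("times must increase at " + time);
            events.Add(new ListEvent { Time = time, Value = value });
            lastTime = time;
        }
        return events;
    }

    // Expands the list into one byte per sample (assumed rule: each value holds until the next entry).
    public static byte[] ToStream(List<ListEvent> events, int samples)
    {
        var stream = new byte[samples];
        for (int i = 0; i < events.Count; i++)
        {
            int end = i + 1 < events.Count ? Math.Min(events[i + 1].Time, samples) : samples;
            for (int t = events[i].Time; t < end; t++) stream[t] = events[i].Value;
        }
        return stream;
    }

    // Pre-runtime check: longest run of consecutive samples with the magnet bit set.
    public static int LongestOnRun(byte[] stream, byte magnetMask)
    {
        int longest = 0, run = 0;
        foreach (byte b in stream)
        {
            run = (b & magnetMask) != 0 ? run + 1 : 0;
            if (run > longest) longest = run;
        }
        return longest;
    }

    // Renders the stream as digit rows, the way the slide prints it.
    public static string Render(byte[] stream, int width)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < stream.Length; i++)
        {
            if (i > 0 && i % width == 0) sb.Append('\n');
            sb.Append(stream[i]);
        }
        return sb.ToString();
    }
}

public static class Demo
{
    public static void Main()
    {
        const int SampleRate = 38000;        // samples per second, from slide 29
        const byte MagnetBit = 0x04;         // assumed: bit 2 of the value drives the magnet
        const double MaxOnSeconds = 0.0005;  // constructed limit on continuous magnet on-time

        List<ListEvent> events = EventList.Parse("0;1; 10;0; 20;2; 25;0; 50;4; 80;0;");
        byte[] stream = EventList.ToStream(events, 95);
        Console.WriteLine(EventList.Render(stream, 19));

        int onSamples = EventList.LongestOnRun(stream, MagnetBit);
        double onSeconds = onSamples / (double)SampleRate;
        Console.WriteLine(onSeconds <= MaxOnSeconds
            ? "magnet on-time OK: " + onSamples + " samples"
            : "rejected: magnet on for " + onSamples + " samples (" + onSeconds * 1000 + " ms)");
    }
}
```

Because the whole stream exists before the run starts, the check is a pure function of the list and can reject a program before any byte reaches the hardware; the same function run over the event list generated after the run gives the analysis the slide mentions for the next experiment runs.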
SLIDE 35
Higher Striker Control API
    int HDLInitialize();
    int HDLInitialize(unsigned char Writeahead, unsigned char Initial[]);
    int HDLStartClock();
    int HDLStopClock();
    int HDLPerform(unsigned char *Write, unsigned char *Read);
    int HDLGetStatus();
    int HDLGetError(int *LSError, int *MSError);
SLIDE 36
Higher Striker – Watch Dog
[State diagram: Init → (power on) → Active; a signal keeps the watchdog in Active; if not signaled for 5 sec: power off, reboot, 70 sec, power on; if not signaled for 5 reboots: Stop]
- Hardware watchdog connected / signaled via the serial communication interface of the control PC
- In case of a system hang-up the control PC will be rebooted
- Atmel AVR 8-bit Tiny 12 microcontroller
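An added example, not the project's AVR firmware: a host-side model of the watchdog state machine on this slide, useful for checking the reboot and stop behaviour against a scripted control PC before trusting the hardware. The 5 s signal timeout and the 5-reboot limit are from the slide; reading the 70 s as a boot grace period after power on, resetting the reboot counter on a signal, and the scripted hang at t = 100 s are assumptions.

```csharp
using System;
using System.Collections.Generic;

public enum WatchdogState { Init, Active, Stop }

public class WatchdogModel
{
    public const double SignalTimeoutSec = 5.0;   // reboot if not signaled for 5 sec (slide)
    public const double BootGraceSec = 70.0;      // assumed: 70 sec after power on before signals are expected
    public const int MaxReboots = 5;              // not signaled for 5 reboots -> Stop (slide)

    public WatchdogState State { get; private set; }
    public bool PowerOn { get; private set; }
    public int RebootsWithoutSignal { get; private set; }
    public readonly List<string> Log = new List<string>();
    double deadline;       // time by which the next signal must arrive

    public WatchdogModel() { State = WatchdogState.Init; }

    public void PowerUp(double now)
    {
        PowerOn = true; State = WatchdogState.Active; deadline = now + BootGraceSec;
        Log.Add(now.ToString("F0") + "s power on");
    }

    // The control PC signals over the serial interface: resets the timeout and the reboot counter.
    public void Signal(double now)
    {
        if (State != WatchdogState.Active) return;
        deadline = now + SignalTimeoutSec;
        RebootsWithoutSignal = 0;
    }

    // Periodic timer tick of the microcontroller; returns true if it changed state or power.
    public bool Tick(double now)
    {
        if (State != WatchdogState.Active || now < deadline) return false;
        RebootsWithoutSignal++;
        if (RebootsWithoutSignal > MaxReboots)
        {
            PowerOn = false; State = WatchdogState.Stop;
            Log.Add(now.ToString("F0") + "s no signal after " + MaxReboots + " reboots: stop");
            return true;
        }
        Log.Add(now.ToString("F0") + "s no signal for " + SignalTimeoutSec + "s: reboot #" + RebootsWithoutSignal);
        PowerOn = false;      // power off ...
        PowerUp(now);         // ... and on again, then wait out the boot grace time
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var wd = new WatchdogModel();
        wd.PowerUp(0);
        // constructed scenario: the control PC boots, signals every second, then hangs at t = 100 s
        for (double t = 1; t <= 500; t += 1)
        {
            if (t >= 70 && t < 100) wd.Signal(t);
            wd.Tick(t);
        }
        foreach (string line in wd.Log) Console.WriteLine(line);
    }
}
```

With the scripted hang, the model reboots the PC five times at 70 s intervals and then enters Stop with the power off; the limit matters because a control PC that never comes back would otherwise be power-cycled forever with the magnet hardware attached.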
SLIDE 37 Higher Striker Simulation
[Simulation display: used buffer (0-255 byte), cylinder speed, height, video animation]
SLIDE 38 DCL - Grid Integration
- Heterogeneous
  – x86, Itanium, PowerPC
  – Windows 2000/XP, Linux, Mac OS X
- DRMAA – Job Submission and Control for Clusters and Grids
  – Condor
  – Sun Grid Engine, Condor
- Grid (figure labels: GLOBUS, IDLE-Time)
  - Increased throughput
  - Increased response time
- Povray simulation
SLIDE 39 Fischertechnik Production Line
- Control via Fischertechnik Intelligent Interface
  – Serial communication interface, 9600 bits/sec
  – 4+4 digital outputs, 8+8 digital inputs, 2 analog inputs
  – Installation: 4 Intelligent Interfaces, pneumatic actuators, 1 robot arm (2 degrees of freedom)
SLIDE 40 Controlling Fischertechnik using Beckhoff Industrial-PCs and the DCL
[Diagram: DCL → .NET Controller → ADS.NET → TwinCAT PLC-Control (Visual Studio plug-in) → IIF]
SLIDE 41
Märklin Railway
- Märklin Digital Model Railway
- Control via serial interface, 9600 bit/sec
- S-88 bus and controller
- Configurable train speed
- Feedback via rail sensors
- About 20 switches
- Controlled by an x86 PC, currently running W2K
SLIDE 42
SLIDE 43 Running .NET on devices
- Why?
  – Rapid software development for embedded devices
  – Object-oriented programming model, type safety
  – Many available tools, know-how, many experts
  – Code access security for remote lab experiments
- How? Possibilities:
  – PC-based execution – communication to the device for I/O
  – Native execution of translated IL code
  – Interpretation of stripped IL code on the device
  – Running .NET on more powerful embedded devices to control small embedded devices
SLIDE 44 CLI2RCX - .NET runtime for Lego Mindstorms
- Our gcc (GNU Compiler Collection) frontend supports the full ECMA-335 standard and can parse any conformant .NET assembly.
- Port for Renesas/Hitachi H8-300 microcontroller underway
  – Extremely small footprint (32 KB memory)
  – Variable and method definitions, method calls, integer ops up and running
[Toolchain diagram: C#, VB .NET or C++ .NET sources → .NET assembly → ildasm → CIL assembly (mnemonic) → GCC CIL front end → RTL → Hitachi H8-300 back end (other backends possible) → target binaries, RCX binary (srec format)]
SLIDE 45 Micro.NET - .NET Interpreter for Lego Mindstorms
- Application assemblies merged and stripped (metadata, portable executable header, references)
- Application merged into one „micro“ assembly and transferred to the embedded device
- Interpreter reads the “micro” assembly and executes its instructions using a separate runtime
[Diagram: on the host, the application assembly with its dependencies and base class library dependencies is stripped and merged into a Micro IL assembly and downloaded; on the embedded device the Micro IL assembly runs on the runtime interpreter on top of the operating system and hardware]
SLIDE 46
CLI2RCX - .NET – Current State
- Version 1.0 release implements the following features of the .NET platform:
  – primitive datatypes: bool, byte, short, int
  – classes, including instance attributes and properties
  – static and instance methods, including parameters, local variables, and constructors
  – arithmetic operations
  – control flow operations: conditional and unconditional branch instructions
SLIDE 47 CLI2RCX - .NET – Current State
- The following features are not yet supported (as are most features not mentioned in either list):
  – most value types (enums, structs, delegates, floats, doubles)
  – strings
  – single-dimensional zero-based arrays (partially complete)
  – multi-dimensional or non-zero-based arrays
  – inheritance, polymorphism, and late binding
  – interfaces
  – exceptions
  – static class attributes, class constructors, events
  – boxing and unboxing
  – arithmetic instructions that detect overflows
  – any predefined class except for System.Object
SLIDE 48
Related Work
- “Verbund Virtuelles Labor” project at University Reutlingen / Germany
- iLab project (WebLab) at MIT
- Virtual Lab at University of Hagen / Germany
- Tele-Laboratory at University of Pisa
- Tele-Lab / Simplex architecture
- “Ein ferngesteuertes Labor im Internet”, www.remote-lab.de