[PPT] - Page 1 Model-based Programming Control Program Hidden State PowerPoint Presentation

SLIDE 1

Page 1

Chart: 1

A Reactive Model-based Programming Language for Robotic Space Explorers

Michel Ingham, Robert Ragno, Brian Williams

MIT Space Systems Lab MIT Artificial Intelligence Lab Cambridge, MA i-SAIRAS June 21, 2001

Chart: 2

Outline

Motivation, Objective & Approach
Example Scenario
Introduction to Model-based Programming
Reactive Model-based Programming Language

(RMPL) Overview

Compilation and Execution of Model-based Programs
Future work

Chart: 3

Motivation for Highly Autonomous Systems

DS-1

Chart: 4

State-of-the-art Autonomy S/W

key challenge: complexity of s/w interfaces
different modules require distinct knowledge representation

– benefit: ability to reason at different levels of abstraction – drawbacks: potential divergent models, knowledge duplication

Diagnosis & Repair Mission Manager Scripted Executive Planner/ Scheduler

Goals Planning models Scripts Component models

Chart: 5

Research Goal

Barrier to wide deployment of autonomy s/w: Our goal: head toward unified representation of spacecraft accommodate complexities of spacecraft domain maintain capacity for knowledge abstraction numerous tasks use variety of modeling & programming languages

Chart: 6

Approach

To reach this goal, we introduce:

Model-based Programming

(a novel approach to designing embedded s/w systems)

Reactive Model-based Programming Language

(a language for encoding model-based programs)

Today’s objective: show how M-B Programming & RMPL provide a framework for robust sequencing

SLIDE 2

Page 2

Chart: 7

Model-based Programming Example Scenario

EngineA EngineB Science Camera EngineA EngineB Science Camera

Orbital Insertion Scenario:

Consider a simplified spacecraft, consisting of two identical redundant engines and a science camera

Chart: 8

Control Program

Control program specifies state trajectories:

must fire one of the two engines
set both engines to ‘standby’
prior to firing engine, camera must be

turned off to avoid plume contamination

in case of primary engine failure, fire

backup engine instead

OrbitInsert():: (do-watching ((EngineA = Firing) OR (EngineB = Firing)) (parallel (EngineA = Standby) (EngineB = Standby) (Camera = Off) (do-watching (EngineA = Failed) (when-donext ( (EngineA = Standby) AND (Camera = Off) ) (EngineA = Firing))) (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) ) (EngineB = Firing))))

Chart: 9

Hidden State

Note that states like (EngineA = Standby) are not

DIRECTLY observable or controllable…

Thinking in terms of such “hidden states” makes the

task of writing the control program much easier

Model-based Programming provides a way to infer

and control these hidden states

(thrust = zero) AND (power_in = nominal) last command issued = last command issued = “ “standby standby-

cmd

cmd” ”

⇒ (EngineA = Standby)

Given observations… and command history… can infer “hidden state”! Similarly, can use system knowledge to “figure out” how to achieve this state.

[Turn on DriverA]; [Open ValveA]

Chart: 10

Simplified S/C System Model

Standby Standby

Engine Model Engine Model

Off Off Failed Failed Firing Firing On On

Camera Model Camera Model

Off Off

component modes…

Chart: 11

Simplified S/C System Model

Standby Standby

Engine Model Engine Model

Off Off Failed Failed

(thrust = full) AND (power_in = nominal)

Firing Firing

(thrust = zero) AND (power_in = zero) (thrust = zero) AND (power_in = nominal)

On On

Camera Model Camera Model

Off Off

(power_in = zero) AND (shutter = closed) (power_in = nominal) AND (shutter = open)

component modes… described by constraints on variables…

Chart: 12

Simplified S/C System Model

Standby Standby

Engine Model Engine Model

Off Off Failed Failed

ff
ff-
cmd

cmd standby standby-

cmd

cmd 0.01 0.01 (thrust = full) AND (power_in = nominal)

Firing Firing

0.01 0.01 standby standby-

cmd

cmd fire fire-

cmd

cmd (thrust = zero) AND (power_in = zero) (thrust = zero) AND (power_in = nominal)

On On

Camera Model Camera Model

Off Off

turnoff turnoff-

cmd

cmd turnon turnon-

cmd

cmd (power_in = zero) AND (shutter = closed) (power_in = nominal) AND (shutter = open)

component modes… described by constraints on variables… deterministic and probabilistic transitions

SLIDE 3

Page 3

Chart: 13

Control Program

Model-based Programming

Deductive Mode Estimator & Reactive Planner

Commands Configuration goals Observations

Flight System Control RT Control Layer

Onboard Sequencer

State estimates

System Model Control Program

Fundamental principle:

Control programs can be written by asserting and checking STATES which may be “hidden”, rather than operating directly on observable or control variables…

Chart: 14

Model-based Programming

Control Program

Deductive Mode Estimator & Reactive Planner

Commands Configuration goals Observations

Flight System Control RT Control Layer

Onboard Sequencer

State estimates

System Model

Such a control program is input to a sequencing engine, for onboard execution.

Onboard Sequencer

Chart: 15

Model-based Programming

Control Program

Deductive Mode Estimator & Reactive Planner

Commands Configuration goals Observations

Flight System Control RT Control Layer

Onboard Sequencer

State estimates

System Model

An underlying mode estimation and reactive planning layer uses a model of the system to deduce the system state from the observations, and to figure out how to achieve a specified goal state.

Deductive Mode Estimator & Reactive Planner

System Model

Observations Commands

Chart: 16

Model-based Programming

Control Program

Deductive Mode Estimator & Reactive Planner

Commands Configuration goals Observations

Flight System Control RT Control Layer

Onboard Sequencer

State estimates

System Model

An underlying mode estimation and reactive planning layer uses a model of the system to deduce the system state from the observations, and to figure out how to achieve a specified goal state.

State estimates Configuration goals

Chart: 17

RMPL Constructs

constraint
concurrency
sequential ordering
conditional branching
guarded transition
iteration
extended guarded transition
iterated guarded transition
preemption

c

(parallel exp1 exp2 …) (sequence exp1 exp2 …) (if-thennext-elsenext c then-exp else-exp) (unless-thennext c exp) (always exp) (when-donext c exp) (whenever-donext c exp) (do-watching c exp)

Chart: 18

RMPL Model of Computation

To support efficient execution, RMPL code is compiled

into Hierarchical Constraint Automata (HCA):

(always A) A (when-donext c A) A c c _ (whenever-donext c A) A c (do-watching c A)

MAINTAIN( c ) _

A c c (parallel A B ) A B (if-thennext-elsenext c A B ) A c B c _ (unless-thennext c A) A c _

SLIDE 4

Page 4

Chart: 19

RMPL Control Program

OrbitInsert():: (do-watching ((EngineA = Firing) OR (EngineB = Firing)) (parallel (EngineA = Standby) (EngineB = Standby) (Camera = Off) (do-watching (EngineA = Failed) (when-donext ( (EngineA = Standby) AND (Camera = Off) ) (EngineA = Firing))) (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) ) (EngineB = Firing))))

Chart: 20

Compiling RMPL to HCA

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO OrbitInsert():: (do-watching ((EngineA = Firing) OR (EngineB = Firing)) (parallel (EngineA = Standby) (EngineB = Standby) (Camera = Off) (do-watching (EngineA = Failed) (when-donext ( (EngineA = Standby) AND (Camera = Off) ) (EngineA = Firing))) (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) ) (EngineB = Firing))))

Chart: 21

Compiling RMPL to HCA

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO OrbitInsert():: (do-watching ((EngineA = Firing) OR (EngineB = Firing)) (parallel (EngineA = Standby) (EngineB = Standby) (Camera = Off) (do-watching (EngineA = Failed) (when-donext ( (EngineA = Standby) AND (Camera = Off) ) (EngineA = Firing))) (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) ) (EngineB = Firing))))

Chart: 22

Compiling RMPL to HCA

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO OrbitInsert():: (do-watching ((EngineA = Firing) OR (EngineB = Firing)) (parallel (EngineA = Standby) (EngineB = Standby) (Camera = Off) (do-watching (EngineA = Failed) (when-donext ( (EngineA = Standby) AND (Camera = Off) ) (EngineA = Firing))) (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) ) (EngineB = Firing))))

Chart: 23

Compiling RMPL to HCA

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO OrbitInsert():: (do-watching ((EngineA = Firing) OR (EngineB = Firing)) (parallel (EngineA = Standby) (EngineB = Standby) (Camera = Off) (do-watching (EngineA = Failed) (when-donext ( (EngineA = Standby) AND (Camera = Off) ) (EngineA = Firing))) (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) ) (EngineB = Firing))))

Chart: 24

Compiling RMPL to HCA

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO OrbitInsert():: (do-watching ((EngineA = Firing) OR (EngineB = Firing)) (parallel (EngineA = Standby) (EngineB = Standby) (Camera = Off) (do-watching (EngineA = Failed) (when-donext ( (EngineA = Standby) AND (Camera = Off) ) (EngineA = Firing))) (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) ) (EngineB = Firing))))

SLIDE 5

Page 5

Chart: 25

Compiling RMPL to HCA

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO OrbitInsert():: (do-watching ((EngineA = Firing) OR (EngineB = Firing)) (parallel (EngineA = Standby) (EngineB = Standby) (Camera = Off) (do-watching (EngineA = Failed) (when-donext ( (EngineA = Standby) AND (Camera = Off) ) (EngineA = Firing))) (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) ) (EngineB = Firing))))

Chart: 26

Compiling RMPL to HCA

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO OrbitInsert():: (do-watching ((EngineA = Firing) OR (EngineB = Firing)) (parallel (EngineA = Standby) (EngineB = Standby) (Camera = Off) (do-watching (EngineA = Failed) (when-donext ( (EngineA = Standby) AND (Camera = Off) ) (EngineA = Firing))) (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) ) (EngineB = Firing))))

Chart: 27

Compiling RMPL to HCA

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO OrbitInsert():: (do-watching ((EngineA = Firing) OR (EngineB = Firing)) (parallel (EngineA = Standby) (EngineB = Standby) (Camera = Off) (do-watching (EngineA = Failed) (when-donext ( (EngineA = Standby) AND (Camera = Off) ) (EngineA = Firing))) (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) ) (EngineB = Firing))))

Chart: 28

Compiling RMPL to HCA

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO OrbitInsert():: (do-watching ((EngineA = Firing) OR (EngineB = Firing)) (parallel (EngineA = Standby) (EngineB = Standby) (Camera = Off) (do-watching (EngineA = Failed) (when-donext ( (EngineA = Standby) AND (Camera = Off) ) (EngineA = Firing))) (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) ) (EngineB = Firing))))

Chart: 29

Executing HCA

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO

Nominal (i.e. fault-free)

rbital insertion scenario

Chart: 30

Executing HCA - Step 1

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO

initialize HCA by marking

all start locations

SLIDE 6

Page 6

Chart: 31

Executing HCA - Step 1

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO

EAS

initialize HCA by marking

all start locations

assert states from

currently marked locations

Control Program

Deductive Mode Estimator & Reactive Planner

Commands Configuration goals Observations Flight System Control RT Control Layer

Onboard Sequencer

State estimates System Model

EBS CO

Chart: 32

Executing HCA - Step 1

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO

initialize HCA by marking

all start locations

assert states from

currently marked locations

obtain state update

Control Program

Deductive Mode Estimator & Reactive Planner

Commands Configuration goals Observations Flight System Control RT Control Layer

Onboard Sequencer

State estimates System Model

Camera = Off

Chart: 33

Executing HCA - Step 1

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO

initialize HCA by marking

all start locations

assert states from

currently marked locations

obtain state update
take enabled transitions:
location’s state assignment

achieved

transition and maintenance

conditions currently hold true

Achieved

X X

Not yet Achieved Not yet Achieved Chart: 34

Executing HCA - Step 1

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO

initialize HCA by marking

all start locations

assert states from

currently marked locations

obtain state update
take enabled transitions:
location’s state assignment

achieved

transition and maintenance

conditions currently hold true

mark new set of locations

Chart: 35

Executing HCA - Step 2

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO

(EngineA = Standby) &

(EngineB = Standby) achieved in this step

Chart: 36

Executing HCA - Step 2

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO

(EngineA = Standby) &

(EngineB = Standby) achieved in this step

two execution threads

terminated & two transitions enabled

Achieved Achieved

X X

SLIDE 7

Page 7

Chart: 37

Executing HCA - Step 3

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO

(EngineA = Firing)

asserted in this step, but not yet achieved

Not yet Achieved

X

Chart: 38

Executing HCA - Step 4

MAINTAIN (EAR OR EBR) EBS CO LEGEND: EAS (EngineA = Standby) EAF (EngineA = Failed) EAR (EngineA = Firing) EBS (EngineB = Standby) EBF (EngineB = Failed) EBR (EngineB = Firing) CO (Camera = Off) MAINTAIN (EAF) EAS (EAS AND CO) EAR EAS AND CO (EAF AND EBS AND CO) EBR EAF AND EBS AND CO

(EngineA = Firing)

achieved in this step

maintenance condition

violated, HCA block exited

X

Chart: 39

Model-based Programming

Advantages over traditional approaches to embedded s/w development:

Abstraction:

straightforward conversion of system engineering knowledge into flight code
easier to specify desired state than control actions needed to reach it

Powerful inference engines

e.g. Livingstone (part of DS-1 Remote Agent), Burton
more flexible and robust than traditional rule-based engines

Modularity

model-based flight s/w can accommodate late design changes
allows for transparent upgrading of deductive engines

Model reusability

over time, build up database of models for subsystems and components
reduce need for single-use flight code

Verifiability

state-based control code & system models “readable” by system engineers

Chart: 40

Conclusion

We have discussed design of M-B Executive, consisting of:

– sequencing layer coded in RMPL & compiled down to HCA – underlying deductive layer providing ME & RP capabilities, based on system models expressed in RMPL

In current implementation, sequencing and deductive layer

are distinct

Eventual goals:

– integration of both capabilities into a unified system, eliminating need for separately maintaining control program and system models – incorporate planning and scheduling capabilities (‘Kirk’ planner, currently under development) – accommodate continuous dynamics (Hybrid MPL, currently under development)

Chart: 41

Backup Slides

Chart: 42

RMPL Overview

Object-oriented language allowing a domain to be

structured through a component or process hierarchy

RMPL control programs can be viewed as

deterministic state transition systems, acting on the plant by asserting and checking constraints in propositional state logic

Propositions are assignments of state variables to

values within their domains

Reactive combinators allow flexibility in expression of

complex system behavior and dynamic relations

Similar to constructs in Timed CC (Saraswat, et al.)

SLIDE 8

Page 8

Chart: 43

RMPL

Control program must capture following types of behavior:

conditional branching
iteration
preemption
concurrency

Chart: 44

Expressiveness of RMPL

To serve as foundation for model-based execution, RMPL

must provide key features of:

– synchronous programming languages

used in industrial embedded reactive systems e.g. Esterel, Lustre, Signal

– advanced robotic execution languages

provide robust sequencing for ground-based robots and autonomous s/c e.g. ESL, RAPs, TDL