Worst-Case Analysis of Digital Control Loops with Uncertain - - PowerPoint PPT Presentation

Worst-Case Analysis of Digital Control Loops with Uncertain Input/Output Timing

(Benchmark Proposal) Maximilian Gaukler and Peter Ulbrich

Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)

ARCH’19, Montréal, Canada April 15, 2019

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

1

Motivation

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

2

Motivation Plant Controller

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

2

Motivation Plant Controller Controller Design: input/output assumed periodic

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

2

Motivation

Real-time computing system

Plant Controller Other applications and controllers Controller Design: input/output assumed periodic

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

2

Motivation

Real-time computing system

Plant Controller Other applications and controllers Controller Design: input/output assumed periodic

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

2

Motivation

Real-time computing system

Plant Controller Other applications and controllers Controller Design: input/output assumed periodic Modern Real-Time Systems:

• Network / bus systems
• Smart sensors
• High complexity
• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

2

Motivation

Real-time computing system

Plant Controller Other applications and controllers Controller Design: input/output assumed periodic Modern Real-Time Systems:

• Network / bus systems
• Smart sensors
• High complexity

Strict timing is difficult!

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

2

Motivation

Real-time computing system

Plant Controller Other applications and controllers

Input timing Output timing

Controller Design: input/output assumed periodic Modern Real-Time Systems:

• Network / bus systems
• Smart sensors
• High complexity

Strict timing is difficult! Desired Alternative: Allow some timing deviation Formal safety guarantees?

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

2

Timing Model: Periodic Timing Windows kT (k − 1)T (k + 1)T t dataflow

Sample y[k − 1] Compute u[k] Actuate u[k] Sample y[k] Compute u[k + 1] Actuate u[k +1] Sample y[k + 1] Actuate u[k −1]

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

3

Timing Model: Periodic Timing Windows kT (k − 1)T (k + 1)T t dataflow

Sample y[k − 1] Compute u[k] Actuate u[k] Sample y[k] Compute u[k + 1] Actuate u[k +1] Sample y[k + 1] Actuate u[k −1]

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

3

Timing Model: Periodic Timing Windows kT (k − 1)T (k + 1)T t dataflow

Sample y[k − 1] Compute u[k] Actuate u[k] Sample y[k] Compute u[k + 1] Actuate u[k +1] Sample y[k + 1] Actuate u[k −1]

∆t

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

3

Timing Model: Periodic Timing Windows kT (k − 1)T (k + 1)T t dataflow

Sample y[k − 1] Compute u[k] Actuate u[k] Sample y[k] Compute u[k + 1] Actuate u[k +1] Sample y[k + 1] Actuate u[k −1]

∆t ∆t ∆t

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

3

Formalization: Hybrid Automata

clock (τ, startOfCycle) Controller and Clock . . . Sample-and-Hold

with timing uncertainty

Sample-and-Hold

with timing uncertainty

Plant . . . Sample-and-Hold

with timing uncertainty

Sample-and-Hold

with timing uncertainty

unext,1 unext,m u1 um y1 yp yd,1 yd,p

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

4

Formalization: Hybrid Automata

clock (τ, startOfCycle) Controller and Clock . . . Sample-and-Hold

with timing uncertainty

Sample-and-Hold

with timing uncertainty

Plant . . . Sample-and-Hold

with timing uncertainty

Sample-and-Hold

with timing uncertainty

unext,1 unext,m u1 um y1 yp yd,1 yd,p always ˙ τ = 1, ˙ xd = 0 −T/2 ≤ τ ≤ T/2 startOfCycle τ = T/2 τ ′ = −T/2, x′

d = fd(xd, yd)

T 2T

T 2

− T

2

t Clock (τ) Controller (xd) Controller output: unext = gd(xd)

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

4

Formalization: Hybrid Automata

clock (τ, startOfCycle) Controller and Clock . . . Sample-and-Hold

with timing uncertainty

Sample-and-Hold

with timing uncertainty

Plant . . . Sample-and-Hold

with timing uncertainty

Sample-and-Hold

with timing uncertainty

unext,1 unext,m u1 um y1 yp yd,1 yd,p ˙ xp(t) = fp(xp(t), u(t), d(t)) y(t) = gp(xp(t), d(t)) d(t) ∈ D

• Multiple inputs and outputs
• Bounded disturbance and measurement noise
• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

4

Formalization: Hybrid Automata

clock (τ, startOfCycle) Controller and Clock . . . Sample-and-Hold

with timing uncertainty

Sample-and-Hold

with timing uncertainty

Plant . . . Sample-and-Hold

with timing uncertainty

Sample-and-Hold

with timing uncertainty

unext,1 unext,m u1 um y1 yp yd,1 yd,p wait ˙

• ut = 0

τ ≤ ∆t done ˙

• ut = 0

∆t ≤ τ ≤ ∆t

• ut′

= in startOfCycle

(T + ∆t) T (T + ∆t) 2T

t

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

4

Benchmark Setup

1 System model: network of hybrid automata

• Machine-readable, unambiguous
• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

5

Benchmark Setup

1 System model: network of hybrid automata

• Machine-readable, unambiguous

2 Verification goal: tight worst-case bounds (infinite-time reachable set)

• Metric: bloating factor
• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

5

Benchmark Setup

1 System model: network of hybrid automata

• Machine-readable, unambiguous

2 Verification goal: tight worst-case bounds (infinite-time reachable set)

• Metric: bloating factor

x2 x1 simulation analysis a b K = b a = “ upper bound from analysis worst observed in simulation ”

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

5

Benchmark Setup

1 System model: network of hybrid automata

• Machine-readable, unambiguous

2 Verification goal: tight worst-case bounds (infinite-time reachable set)

• Metric: bloating factor

3 Example systems

• Linear, no disturbance
• From 1D examples to a simplified 3-axis quadrocopter controller
• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

5

Benchmark Setup

1 System model: network of hybrid automata

• Machine-readable, unambiguous

2 Verification goal: tight worst-case bounds (infinite-time reachable set)

• Metric: bloating factor

3 Example systems

• Linear, no disturbance
• From 1D examples to a simplified 3-axis quadrocopter controller

4 Experiments with SpaceEx: Success only for trivial examples

Reachable set over time: 1D, small uncertainty 1D, large uncertainty × 3D, perfect timing (!)

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

5

Summary and Outlook

• Problem: Timing uncertainties in digital control
• Hard to avoid
• Verification is challenging, but of high practical relevance
• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

6

Summary and Outlook

• Problem: Timing uncertainties in digital control
• Hard to avoid
• Verification is challenging, but of high practical relevance
• Is a pure hybrid-automata approach suitable here?
• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

6

Summary and Outlook

• Problem: Timing uncertainties in digital control
• Hard to avoid
• Verification is challenging, but of high practical relevance
• Is a pure hybrid-automata approach suitable here?
• Future work: “non-hybrid” alternatives
• Continuous-time abstraction: continuization
• Discrete-time: LMI-based robust stability
• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

6

Summary and Outlook

• Problem: Timing uncertainties in digital control
• Hard to avoid
• Verification is challenging, but of high practical relevance
• Is a pure hybrid-automata approach suitable here?
• Future work: “non-hybrid” alternatives
• Continuous-time abstraction: continuization
• Discrete-time: LMI-based robust stability

Can your tool solve the benchmark? http://qronos.de → Files and code (GPLv3)

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

6

Appendix

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

7

Experimental Results 1D example np nd m p timing SpaceEx tSE KSE A2 1 1 1 1 varying (negligible)

• 1 s

1.001 A1 1 1 1 1 varying (small)

• 1 s

1.010 A3 1 1 1 1 varying (medium)

• 2 s

1.059 A4 1 1 1 1 varying (large) × error (GLPK) — — A5 2 2 2 2 varying (like A3) × crash (GLPK) — — 3D, trivial (stable, negligible controller) B1 3 2 2 1 varying

• 16 s

1.097 1-axis quadrotor angular rate control C1 1 2 1 1 constant × timeout — — C2 1 2 1 1 varying × crash — — 3-axis quadrotor angular rate control D1 3 6 4 3 constant × diverging — — D2 3 6 4 3 varying × crash — —

• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

8

Experiments: Discussion

• Structural problem: Failures even with ∆t = 0

Tools optimized for mostly-continuous systems? = here: many discrete transitions, “unstable” inbetween

• Dimension problematic: 2(#inputs+#outputs) discrete states
• M. Gaukler: Digital Control Loops with Uncertain Input/Output Timing

9