Supervisory Control Synthesis the Focus in Model-Based Systems Engineering

Transcription

1 Supervisory Control Synthesis the Focus in Model-Based Systems Engineering Jos Baeten and Asia van de Mortel-Fronczak Systems Engineering Group Department of Mechanical Engineering November 23, 2011

2 What is a model? 2 A model is an abstraction. Structure. Behavior. Other characteristics such as energy consumption.

3 Use of models in the system life cycle 3 Behavioral models use mathematics: Continuous mathematics (calculus). Mechanics, feedback control. Matlab. Discrete mathematics (algebra, logic). Computer science, supervisory control. Verum. Probability, stochastics (queueing, Markov). Performance, optimization. Ortec, CQM. Combinations: hybrid. χ.

4 Structural models 4 Architecture. Sysarch of ESI. Components are subsystems or aspect-systems. Levels of abstraction: function (what), process (how), resource (with).

5 V model 5

6 Behavorial models 6 Manufacturing networks continuous-state time-driven for performance analysis Manufacturing machines discrete-state event-driven for supervisory control synthesis continuous-state time-driven for control synthesis

7 Embedded systems 7 User Supervisory controller(s) Control components Resource controller(s) Actuators Sensors Physical components Structure

8 Semiconductor 8 Supply chain with nodes (fab, assembly, test) Node (fab) with areas (implant, photo, metal) Area (photo) with cells (litho, metrology) Cell (litho) with tools (track, scanner) Tool (scanner) with process units (lens, laser), and handlers (stage, wafer, reticle) Handler (stage) with frame, transducers, and controllers Transducers with mechanics, electronics, optics, and pneumatics

9 System development 9 Key performance indicators F, Q, T, C: F functionality, complexity increase Q quality should be maintained T time-to-market increases C cost increases Control software greater in size and complexity Control software time-consuming testing

10 Model-based systems engineering 10 design model realize R S D S S S define define R design D Interface I define design model realize R P D P P P

11 Model-based systems engineering 11 design model realize R S D S S S define integrate integrate define R design D Interface I define integrate integrate design model realize R P D P P P simulation and verification early integration validation and testing

12 Synthesis-based systems engineering 12 model synthesize generate R S R S S S define integrate integrate define R design D Interface I define integrate integrate design model realize R P D P P P

13 Synthesis-based systems engineering 13 model synthesize generate R S R S S S define integrate integrate define R design D Interface I define integrate integrate design model realize R P D P P P simulation and verification early integration validation and testing

14 Supervisory control problem 14 Plant P and supervisor S form a discrete-event system: S S(s) s P P under control of S (S/P) satisfies requirement R S does not disable uncontrollable events Output of S only depends on observable outputs of P S/P is nonblocking S is optimal (maximally permissive)

15 Illustration 15 A workcell consists of two machines M 1 and M 2, and an automated guided vehicle AGV. a 1 M 1 M 2 B b 1 a 2 b 2 AGV c Components functionality: AGV can load a workpiece at M1 /M 2 and unload it at M 2 /B.

16 Illustration 16 M 1, M 2, and AGV are modeled by automata: M 1 : a 1 M 2 : a 2 Idle b 1 Busy Idle b 2 Busy AGV: b 1 b 2 At_M 1 a 2 Empty At_M c 2

17 Uncontrolled system P is the synchronous product of M 1, M 2 and AGV: 17 a 1 b 1 a a 2 a 1 a 2 b 1 a 1 c c b 2 b 2 8 a 1 9 Absence of control results in a blocking situation (deadlock in state 7). In this case, we have no additional restrictions on admissible behavior.

18 Blocking and controllability 18 The system under control of the following "supervisor" avoids the blocking situation. a 1 b 1 a a 2 a 1 a c c b 2 b 2 8 a 1 9 This "supervisor" disables uncontrollable event b1 in state 5. A supervisor may only disable controllable events.

19 Blocking and controllability 19 The following "supervisor" avoids state 5 by disabling controllable a 2 in state 3 and controllable a 1 in state 4. a 1 b 1 a a 2 4 c c b 2 8 a 1 9 This "supervisor" introduces a new blocking situation, state 3.

20 Supervisor 20 Finally, the following supervisor delivers a proper optimal control to the plant. a 1 b a 2 4 c c b 2 8 a 1 9

21 Supervisory control theory 21 Provides means to synthesize S Conceptually simple framework (based on automata) Computational complexity is high for systems of industrial size Several advanced techniques to reduce synthesis complexity: Modular Hierarchical Interface-based hierarchical Coordinated distributed Aggregated distributed

22 Distributed control architecture 22 Global command P 1 Local command S 1 Local observation Command fusion Composition of P 1 and P 2 Local command Global command S 2 P 2 Local observation

23 Coordinated distributed synthesis 23 S P = W 1 W 2, R W 1 = (P 1 S 1 )/ 1 W 2 = (P 2 S 2 )/ 2 P 1, R 1 S 1 P 2, R 2 S 2

24 Aggregated distributed synthesis 24 W 1 = (P 1 S 1 )/ 1 P 1, R 1 S 1 P 2 W 1, R 2 S 2

25 Industrial cases 25 Supervisory control synthesis for: Patient support system of an MRI scanner Communication system of an MRI scanner

26 Patient support system of an MRI scanner 26 Safe tabletop handling User interface Light sight Bore Patient support table

27 Control requirements 27 Ensure that the tabletop does not move beyond its vertical and horizontal end positions. Prevent collisions of the tabletop with the magnet. Define the conditions for manual and automatic movements of the tabletop. Enable the operator to control the system by means of the manual button and the tumble switch.

28 Results 28 A centralized supervisor was synthesized using the TCT tool [Wonham]. The system under control of the supervisor was validated using simulation. The supervisor was tested on the real system. After a functional change, approximately four hours work was needed to repeat the above steps.

29 Results 29 Plant model: 672 states. Requirement model: states. The supervisor: states.

30 Industrial cases 30 Exception handling in printers Coordination of maintenance procedures in printers

31 Océ printer 31 Coordination of maintenance procedures in printers

32 Control requirements 32 Maintenance operations may only be performed if the power mode of the printing process is Standby. Maintenance operations should be scheduled if their soft deadline is reached and no print jobs are in progress or if their hard deadline is reached. Only scheduled maintenance operations can be started. The power mode of the printing process should conform to the mode determined by the print job managers unless it is overridden by a pending maintenance operation.

33 Results 33 A centralized supervisor was synthesized using the synthesis tool based on state-tree structures [Ma]. The system under control of the supervisor was validated using simulation. The supervisor is converted to C++ for execution on the existing control platform.

34 Results 34 Plant model: 25 automata with 2 to 24 states. Requirements: 23 generalized state-based expressions (more than 500 standard state-based expressions). The supervisor: states.

35 Industrial cases ETF Multi Mover Passenger safety in theme park vehicles 35

36 Theme park vehicle Handling of proximity, emergency, and hardware errors in theme park vehicles 36 User Interface (3 LEDs/3 buttons) (on/off) Scene Program Handler (on/off) Steer Motor (on/off) Drive Motor (on/off/stopped) Ride Control (start/stop) Battery (empty/ok) 4 Proximity Sensors (on/off) Bumper Switch (on/off)

37 Control requirements 37 To avoid collisions with other vehicles or obstacles, the multimover should drive at a safe speed and stop if the obstacle is too close to it. The vehicle should stop immediately and should be powered off when: a collision or a system failure occurs, the battery level is too low. After the problem is resolved, the multimover should be manually deployed back into the ride by an operator.

38 Results 38 A centralized supervisor was synthesized using the synthesis tool based on state-tree structures [Ma]. A distributed supervisor was synthesized using the synthesis tool based on automaton abstraction [SE group]. The system under control of both supervisors was validated using simulation. Both supervisors were tested on the real system. After a functional change, approximately four hours work was needed to repeat the above steps.

39 Results 39 Plant model: 17 automata with 2 to 4 states. Requirements: 30 automata with 2 to 7 states. Distributed supervisor: Module # states LED actuation 25 Motor actuation 41 Button handling 465 Emergency handling 89 Proximity handling 225

40 Industrial cases 40 Cruise control of a truck

41 Tool chain for SCS 41 R S R S SCST S CODEGEN S R S/P D S/P SIMULATOR DE SIMULATOR HY SIMULATOR RT CONTROLLER RT R P P DE P HY P Algorithms for synthesis Model transformations Common Interchange Format

42 Conclusions 42 Model-based systems engineering gives faster product development Supervisor synthesis eliminates manual design of control software and reduces testing effort Successful proofs of concept delivered for implementation of advanced synthesis techniques Event-based distributed framework supports reconfigurability Synthesis-based systems engineering is applicable in industry for developing supervisory controllers Formal models and methods are essential for high-tech systems design

43 43 Supervisory Control Synthesis the Focus in Model-Based Systems Engineering Jos Baeten and Asia van de Mortel-Fronczak Systems Engineering Group Department of Mechanical Engineering November 23, 2011