Approved for Public Release, Distribution Unlimited Pervasive Self-Regeneration through Concurrent Model-Based Execution Brian Williams (PI) Paul Robertson.

Slides:

Advertisements

Similar presentations

Corso di Sistemi in Tempo Reale Laurea in Ingegneria dell‘Automazione a.a Paolo Pagano

Advertisements

MBD and CSP Meir Kalech Partially based on slides of Jia You and Brian Williams.

Towards a Theoretic Understanding of DCEE Scott Alfeld, Matthew E

Lecture 8: Three-Level Architectures CS 344R: Robotics Benjamin Kuipers.

Dynamic Domain Architectures for Model Based Autonomy MoBIES Embedded Software Working Group Meeting April B. Williams, B. Laddaga, H. Shrobe,

Robot Sensor Networks. Introduction For the current sensor network the topography and stability of the environment is uncertain and of course time is.

MBD in real-world system… Self-Configuring Systems Meir Kalech Partially based on slides of Brian Williams.

ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.

CS 795 – Spring  “Software Systems are increasingly Situated in dynamic, mission critical settings ◦ Operational profile is dynamic, and depends.

Bastien DURAND Karen GODARY-DEJEAN – Lionel LAPIERRE Robin PASSAMA – Didier CRESTANI 27 Janvier 2011 ConecsSdf Architecture de contrôle adaptative : une.

Autonomous Robot Navigation Panos Trahanias ΗΥ475 Fall 2007.

Brent Dingle Marco A. Morales Texas A&M University, Spring 2002

Experiences with an Architecture for Intelligent Reactive Agents By R. Peter Bonasso, R. James Firby, Erann Gat, David Kortenkamp, David P Miller, Marc.

Modeling and Planning with Robust Hybrid Automata Cooperative Control of Distributed Autonomous Vehicles in Adversarial Environments 2001 MURI: UCLA, CalTech,

® IBM Software Group © 2007 IBM Corporation Achieving Harmony IBM's Platform and Methodology for Systems Engineering and Embedded Software Development.

1 FM Overview of Adaptation. 2 FM RAPIDware: Component-Based Design of Adaptive and Dependable Middleware Project Investigators: Philip McKinley, Kurt.

Sheila McIlraith, Knowledge Systems Lab, Stanford University DX’00, 06/2000 Diagnosing Hybrid Systems: A Bayesian Model Selection Approach Sheila McIlraith.

The Need of Unmanned Systems

October 17-19, 2001ESA Workshop “On-Board Autonomy” Efficiency Issues in Model-Based Approaches to On-Board Diagnosis P.Torasso, C.Picardi and L. Console.

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

Aeronautics & Astronautics Autonomous Flight Systems Laboratory All slides and material copyright of University of Washington Autonomous Flight Systems.

INTEGRATED PROGRAMME IN AERONAUTICAL ENGINEERING Coordinated Control, Integrated Control and Condition Monitoring in Uninhabited Air-Vehicles Ian Postlethwaite,

What is it? A mobile robotics system controls a manned or partially manned vehicle-car, submarine, space vehicle | Website for Students.

Model-based Programming of Fault Aware Systems Brian C. Williams CSAIL, MIT.

1 DARPA TMR Program Collaborative Mobile Robots for High-Risk Urban Missions Second Quarterly IPR Meeting January 13, 1999 P. I.s: Leonidas J. Guibas and.

Towards a Logic for Wide- Area Internet Routing Nick Feamster Hari Balakrishnan.

ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.

Tufts Wireless Laboratory School Of Engineering Tufts University “Network QoS Management in Cyber-Physical Systems” Nicole Ng 9/16/20151 by Feng Xia, Longhua.

A Hierarchical Approach to Model-based Reactive Planning in Large State Spaces Artificial Intelligence & Space Systems Laboratories Massachusetts Institute.

September1 Managing robot Development using Agent based Technologies Dr. Reuven Granot Former Scientific Deputy Research & Technology Unit Directorate.

EENG 1920 Chapter 1 The Engineering Design Process 1.

The Role of Optimization and Deduction in Reactive Systems P. Pandurang Nayak NASA Ames Research Center Brian.

Features, Policies and Their Interactions Joanne M. Atlee Department of Computer Science University of Waterloo.

1 Welcome: To the second learning sequence “ Data Base (DB) and Data Base Management System (DBMS) “ Recap : In the previous learning sequence, we discussed.

What are the main differences and commonalities between the IS and DA systems? How information is transferred between tasks: (i) IS it may be often achieved.

.1 RESEARCH & TECHNOLOGY DEVELOPMENT CENTER SYSTEM AND INFORMATION SCIENCES JHU/MIT Proprietary Titan MESSENGER Autonomy Experiment.

16.412J/6.835 Intelligent Embedded Systems Prof. Brian Williams Rm Rm NE Prof. Brian Williams Rm Rm NE43-838

卓越發展延續計畫分項三 User-Centric Interactive Media ~ 主持人 : 傅立成共同主持人 : 李琳山，歐陽明，洪一平，陳祝嵩水美溫泉會館研討會

Aero/Astro Open House MERS Research Group Model-based Embedded and Robotic Systems Group Space Systems Laboratory Massachusetts Institute of Technology.

DSL Distributed Systems Laboratory ATC 23 August Model Mission: Magnetospheric Multiscale (MMS) Mission Goal “To study the microphysics of three.

Model Checking and Model-Based Design Bruce H. Krogh Carnegie Mellon University.

1 Distributed and Optimal Motion Planning for Multiple Mobile Robots Yi Guo and Lynne Parker Center for Engineering Science Advanced Research Computer.

Pervasive Self-Regeneration through Concurrent Model-Based Execution Brian Williams (PI) Paul Robertson MIT Computer Science and Artificial Intelligence.

THE VISION OF AUTONOMIC COMPUTING. WHAT IS AUTONOMIC COMPUTING ? “ Autonomic Computing refers to computing infrastructure that adapts (automatically)

Software Maintenance Speaker: Jerry Gao Ph.D. San Jose State University URL: Sept., 2001.

Ｉｎｔｒｏｄｕｃｔｉｏｎ of Intelligent Agents

Chapter 1. Cognitive Systems Introduction in Cognitive Systems, Christensen et al. Course: Robots Learning from Humans Park, Sae-Rom Lee, Woo-Jin Statistical.

Chapter 10. The Explorer System in Cognitive Systems, Christensen et al. Course: Robots Learning from Humans On, Kyoung-Woon Biointelligence Laboratory.

Model-based Programming of Cooperative Explorers Prof. Brian C. Williams Dept. of Aeronautics and Astronautics Artificial Intelligence Labs And Space Systems.

Smart Home Technologies

Discovery and Systems Health Technical Area NASA Ames Research Center - Computational Sciences Division Automated Diagnosis Sriram Narasimhan University.

Boeing-MIT Collaborative Time- Sensitive Targeting Project July 28, 2006 Stacey Scott, M. L. Cummings (PI) Humans and Automation Laboratory

Robotic Space Explorers: To Boldly Go Where No AI System Has Gone Before A Story of Survival J/6.834J September 19, 2001.

Outline Deep Space One and Remote Agent Model-based Execution OpSat and the ITMS Model-based Reactive Planning Space Robotics.

Space Systems Laboratory Massachusetts Institute of Technology AUTONOMY MIT Graduate Student Open House March 24, 2000.

Autonomous Mission Management of Unmanned Vehicles using Soar Scott Hanford Penn State Applied Research Lab Distribution A Approved for Public Release;

Virtualized Execution Realizing Network Infrastructures Enhancing Reliability Application Communities PI Meeting Arlington, VA July 10, 2007.

Copyright B. Williams J/6.834J, Fall 02 Lecture 3: Immobile Robots and Space Explorers Prof. Brian Williams Rm Wednesday, September 11 th,

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Programming Cooperative Teams To Perform Global Science HOME TWO Enroute COLLECTION.

Autonomy: Executive and Instruments Life in the Atacama 2004 Science & Technology Workshop Nicola Muscettola NASA Ames Reid Simmons Carnegie Mellon.

Context-Aware Middleware for Resource Management in the Wireless Internet US Lab 신현정.

Monitoring Dynamical Systems: Combining Hidden Markov Models and Logic

Reading B. Williams and P. Nayak, “A Reactive Planner for a Model-based Executive,” International Joint Conference on Artificial Intelligence, 1997.

Automation as the Subject of Mechanical Engineer’s interest

Model-based Diagnosis: The Single Fault Case

CS b659: Intelligent Robotics

NASA Ames Research Center

AI in Space – Lessons From NASA’s Deep Space 1 Mission

Presented By: Darlene Banta

Self-Managed Systems: an Architectural Challenge

Presentation transcript:

Approved for Public Release, Distribution Unlimited Pervasive Self-Regeneration through Concurrent Model-Based Execution Brian Williams (PI) Paul Robertson MIT Computer Science and Artificial Intelligence Laboratory

Approved for Public Release, Distribution Unlimited 7/20/042 Outline What we are trying to do. Demonstration scenario and test bed. Implications of successful results. Technical approach. What is new. Anticipated challenges. Technology transition. Looking forward: next steps.

Approved for Public Release, Distribution Unlimited 7/20/043 What we are trying to do Why software fails: –Software assumptions about the environment become invalid because of changes in the environment. –Software changes introduce incompatibilities. –Software is attacked by a hostile agent. What can be done when software fails: –Recognize that a failure has occurred. –Diagnose what has failed – and why. –Find an alternative way of achieving the intended behavior. Runtime Models

Approved for Public Release, Distribution Unlimited 7/20/044 Building upon a proven technology base. By extending RMPL to support software failure, we can extend robustness in the face of hardware failures to robustness in the face of software failures. Many of the same issues pertain: –Detection of faulty behavior –Diagnosis of the fault given faulty behavior –Reconfiguration of the software to achieve intended behavior using different software components. –Select among alternatives to maximize utility.

Approved for Public Release, Distribution Unlimited 7/20/045 Deliverables Model-based programming tools –A language for modeling (RMPL): The process in terms of desired state evolutions; The components; and The environment. Model-based executives that provide: –Safe optimal dispatch. –Redundant methods. –Continuous monitoring and diagnosis. –Regeneration and optimization.

Approved for Public Release, Distribution Unlimited 7/20/046 Architectural overview S Plant Obs Cntrl Model-based Embedded Programs S Continuous Reactive Commanding Continuous Mode/State Estimation Model Desiderata: languages that are Suspicious Monitor intentions and plans Self-Adaptive Exploits and generates contingencies State and Fault Aware Anticipatory –“Model-predictive languages” –Plans and verifies into the future –Predicts future states –Plans contingencies

Approved for Public Release, Distribution Unlimited 7/20/047 Basic assumptions for our approach Objectives for the RMPL language –Low overhead The effort required of the programmers to achieve robustness should be small compared to the effort required to implement the base capability. –Pervasive The technology should be applied not only to major components but to all components in the system. –Incremental Increased robustness can be achieved incrementally by adding greater modeling.

Approved for Public Release, Distribution Unlimited 7/20/048 Innovative claims Features of our approach: –Fault-aware processes. –Fault-adaptive. –Model-based. –Synthesizes a fault-adaptive process to achieve state evolutions. –Reasons from MODELS of correct and faulty behavior of supporting service components. –Constructs novel recovery actions in the face of novel faults. Specific approaches: –Dynamic selection from redundant methods. –Self-optimization: select the optimal candidates. –Continuous monitoring. –Incremental addition of robustness by adding monitoring procedures incrementally. –Synthesis of repair procedures from models.

Approved for Public Release, Distribution Unlimited 7/20/049 Demonstration scenario End to End Self-regeneration of Command & Control Systems: Robot must plan and execute motion to one or more targets. Robot must perform designated tasks at selected destinations. Robot utilizes various sensors and actuators in achieving its task. Robot utilizes various software components in interpreting its sensor data and manipulating its actuators. Changing environment will cause software components to fail. Failed software components will be detected and diagnosed. Alternate configurations of the software will be found that can maintain mission objectives while maximizing utility—in real- time. Fault injection testing: We will inject faults into the test bed including (1) environment changes, (2) incompatibilities, (3) software attacks.

Approved for Public Release, Distribution Unlimited 7/20/0410 Test bed summary Robot scenario involves: –Path planning and execution. –Goal selection with risks and rewards. –Visual and other sensors and actuators utilized in navigation and task execution. –Reacts to: Failures in the software. –Exploiting redundant methods. –By re-planning to maintain optimality. Discoveries in the environment. –Obstacles –Suitability of using selected sensors given terrain lighting etc. Attack

Approved for Public Release, Distribution Unlimited 7/20/0411 Rover test bed Allows real-world testing of planning and execution software Consists of a reconfigurable environment with one ATRV- 2 and three ATRV-JRs.

Approved for Public Release, Distribution Unlimited 7/20/0412 Rover test bed setup Differential drive Laser range scanner Sonar sensors Wheel encoders (odometry) Stereo camera Inclinometer GPS receiver Compass Antennas for wireless LAN Sensors give information on motion and environment. Onboard PC allows for real-time computation and command processing.

Approved for Public Release, Distribution Unlimited 7/20/0413 Implications of successful results Robotic systems that can operate autonomously to achieve goals in a complex and changing environment. –Modeling environment Software that detects and works around “bugs” resulting from incompatible software changes. –Modeling software components Software that detects and recovers from software attacks. –Modeling attack scenarios Software that automatically improves as better software components and models are added. Higher level of command and control for robotic missions.

Approved for Public Release, Distribution Unlimited 7/20/0414 Military roles for autonomous robots Reconnaissance –Rover makes its way to designated places and reports back—such as with pictures. Search and Rescue –Rover enters a dangerous area and reports back on the presence of wounded people. Mapping –Rover explores (a building) producing a map annotated with pictures in support of ground forces. Munitions Delivery –Rover goes to designated locations and delivers munitions. (like predator UAV)

Approved for Public Release, Distribution Unlimited 7/20/0415 Technical approach We will extend the technology developed for execution, hardware fault detection, diagnosis and reconfiguration successfully used in Deep Space One to be applied to software fault awareness and reconfiguration. Software components look like hardware components but reconfiguration is less restricted. A greater emphasis on environment modeling is necessary because most software faults will be because of environmental changes.

Approved for Public Release, Distribution Unlimited 7/20/0416 Systems Should be Suspicious Sensor Interpretation: Nominal: Command Confirmation Fault Detection Failure: Fault Isolation Fault Diagnosis Traditional Commanding is Open Loop Continuous Estimation of Modes and State Model Real Time Robust Systems Should be Fully State Aware And Should Use To Dynamically Monitor Specifications

Approved for Public Release, Distribution Unlimited 7/20/0417 Commanding Involves Repairing a Correct State For long-lived systems, failure is the rule: Must navigate around failures. Must operate with varying resources and capabilities. Should select best means amongst multiple alternatives. Nominal commanding is Traditionally pre-determined Robust systems should select the best action in context Continuous Reactive Commanding Continuous Mode/State Estimation Model

Approved for Public Release, Distribution Unlimited 7/20/0418 How Do We Guide Self-Regenerative Systems? - By Interacting Directly with State Embedded programs interact with sensors and actuators. Model-based programs interact with state Embedded Program S Services Obs Cntrl Model-based Embedded Program S Services Programmers map between sensors, actuators to states. Model-based executives map between sensors, actuators to states.

Approved for Public Release, Distribution Unlimited 7/20/0419 Model-based Programs Interact Directly with State S Plant Obs Cntrl Model-based Embedded Programs Model-based Executive S Plant Model State estimates Reactive Commanding Mode Estimation State goals RMPL State assertion State query Conditional Execution Preemption Iteration Concurrent execution Fault Occurs Current Belief State Reconfigure least cost reachable goal state First Action

Approved for Public Release, Distribution Unlimited 7/20/0420 Real-Time Execution Flight H/W Fault Monitors Planning Experts (incl. Navigation) Model-based Autonomy Architecture Ground System RAX Manager Model- based Fault Protection Mission Manager Executive Planner/Scheduler

Approved for Public Release, Distribution Unlimited 7/20/0421 Real-Time Execution Flight H/W Fault Monitors Planning Experts (incl. Navigation) Ground System RAX Manager Model-based Fault Protection Mission Manager Executive Planner/Scheduler Remote Agent Goal States Model-based Autonomy Architecture

Approved for Public Release, Distribution Unlimited 7/20/0422 Real-Time Execution Flight H/W Fault Monitors Planning Experts (incl. Navigation) Ground System RAX Manager Model-based Fault Protection Mission Manager Executive Planner/Scheduler Remote Agent Model-based Autonomy Architecture

Approved for Public Release, Distribution Unlimited 7/20/0423 Real-Time Execution Flight H/W Fault Monitors Planning Experts (incl. Navigation) Ground System RAX Manager Model- based Fault Protection Mission Manager Procedural Executive Planner/Scheduler Remote Agent Low-Level Fault Protection Model-based Autonomy Architecture

Approved for Public Release, Distribution Unlimited 7/20/0424 Real-Time Execution Flight H/W Fault Monitors Planning Experts (incl. Navigation) Ground System RAX Manager Model- based Executive Mission Manager Procedural Executive Planner/Scheduler Remote Agent High-Level Fault Protection Model-based Autonomy Architecture

Approved for Public Release, Distribution Unlimited 7/20/0425 Remote Agent Experiment May, 1999 May 17-18th experiment: High-level Fault Protection Generate plan for course correction and thrust Diagnose camera as stuck on –Power constraints violated, abort current plan and replan Perform optical navigation Perform ion propulsion thrust May 21th experiment: Low-level Fault Protection Diagnose faulty device and –Repair by issuing reset. Diagnose switch sensor failure. –Determine harmless, and continue plan. Diagnose thruster stuck closed and –Repair by switching to alternate method of thrusting. Back to back planning RA was a toolbox, want a seamless language

Approved for Public Release, Distribution Unlimited 7/20/0426 Technology transition The structure of our solution facilitates transition. –Implements self-regenerative system using language+executive, as opposed to a set of regeneration utilities. –Easily wraps self-regeneration around existing components, through a clean separation of the “executive” and “plant.” –Has supported a long history of successful technology transition. Papers and other publications

Approved for Public Release, Distribution Unlimited 7/20/0427 Looking forward: next steps Reasoning about complex software models. Coordination while preserving privacy of subsystem information. Extending the technology to work with complex distributed self-regenerative systems. –Regeneration requires peer to peer coordination of systems. –Subtle faults that are distributed across multiple systems. –Faults that are detected in systems in which we do not have direct control—and must negotiate fault resolution.

Approved for Public Release, Distribution Unlimited 7/20/0428 Appendix A

Approved for Public Release, Distribution Unlimited 7/20/0429 Model-based Execution Kernels as Stochastic Optimal Controllers Deductive Controller Plant mode estimation mode reconfiguration s’(t) commands(t) f f s (t) g g Observations(t) Model Goal States

Approved for Public Release, Distribution Unlimited 7/20/0430 Operators and programmers reason through system- wide interactions to: isolate faults isolate faults diagnose causes diagnose causes Diagnosis

Approved for Public Release, Distribution Unlimited 7/20/0431 OPSAT Conflict- directed A* Conflict- directed A* Optimalfeasiblemodes Conflict Checkedkernel ISAT Generate Most-likely Candidate Diagnoses: conflict-directed A* (< 10 states visited) Test Against Model and Observables: Incremental Satisfiability (avg. < 10 % off ideal) Learn from counter examples (conflicts) to guide generation.

Approved for Public Release, Distribution Unlimited 7/20/0432 Compare Most Likely Candidate to Observations

Approved for Public Release, Distribution Unlimited 7/20/0433 Isolate Conflicting Modes A conflict, C, is an assignment to a subset of the mode variables that is inconsistent with the model and observations.

Approved for Public Release, Distribution Unlimited 7/20/0434 Generate Next Most Likely Candidate Every consistent mode assignment must differ from the conflict for at least one mode variable

Approved for Public Release, Distribution Unlimited 7/20/0435 Generate Next Most Likely Candidate Every consistent mode assignment must differ from the conflict for at least one mode variable

Approved for Public Release, Distribution Unlimited 7/20/0436 Testing Candidate Detects Another Conflict

Approved for Public Release, Distribution Unlimited 7/20/0437 Consistent mode assignment must differ from both conflicts Generate Next Most Likely Candidate

Approved for Public Release, Distribution Unlimited 7/20/0438 Consistent: Most Likely Diagnosis

Approved for Public Release, Distribution Unlimited 7/20/0439 Operators and programmers reason through system- wide interactions to: isolate faults isolate faults diagnose causes diagnose causes Diagnosis repair repair reconfigure reconfigure ConfigurationManagement

Approved for Public Release, Distribution Unlimited 7/20/0440 Conflicts Focus MR Goal: Achieve Thrust Find least cost modes that entail the current goal. A conflict, C, is an assignment to a subset of the mode variables that entails the negation of the goal.

Approved for Public Release, Distribution Unlimited 7/20/0441 Goal: Achieve Thrust Conflicts Focus MR Find least cost modes that entail the current goal. A conflict, C, is an assignment to a subset of the mode variables that entails the negation of the goal.

Approved for Public Release, Distribution Unlimited 7/20/0442 Goal: Achieve Thrust Conflicts Focus MR Find least cost modes that entail the current goal. A conflict, C, is an assignment to a subset of the mode variables that entails the negation of the goal.

Approved for Public Release, Distribution Unlimited 7/20/0443 Goal: Achieve Thrust Conflicts Focus MR Find least cost modes that entail the current goal. A conflict, C, is an assignment to a subset of the mode variables that entails the negation of the goal.

Approved for Public Release, Distribution Unlimited 7/20/0444 Closed Open Stuck open Stuck closed Open Close Cost 5 Prob.9 Models are Concurrent, Constraint Encodings of Partially Observable Markov Decision Process Vlv = closed => Outflow = 0; vlv=open => [Outflow] S = [Inflow] S and [Outflow] R = [Inflow] R vlv=stuck open => [Outflow] S = [Inflow] S and [Outflow] R = [Inflow] R vlv=stuck closed=> Outflow = 0; Unknown One automaton for each device. Communication through shared variables.

Approved for Public Release, Distribution Unlimited 7/20/0445 Operators and programmers reason through system- wide interactions to: isolate faults isolate faults diagnose causes diagnose causes monitor monitor confirm commandsconfirm commands track goalstrack goals Estimating Modes

Approved for Public Release, Distribution Unlimited 7/20/0446 Mode Estimation Left engine onObserve “no thrust” Enumerated by decreasing probability. Find most likely reachable states consistent with observations. Every component transitions at each time step.

Approved for Public Release, Distribution Unlimited 7/20/0447 Operators and programmers reason through system- wide interactions to : Controlling Modes Estimating Modes monitor monitor track goals track goals confirm commands confirm commands isolat faults isolat faults diagnose faults diagnose faults repair repair reconfigure reconfigure execute execute avoid failures avoid failures change control policies change control policies

Approved for Public Release, Distribution Unlimited 7/20/ Find least cost state that entails the current goal and is reachable from the current state. 2.Find first action that moves towards this state. Model-based Reactive Planning Mode Reconf. Mode Est. Command Configuration goals Model goal statecurrent state Reactive Planning Burton Model-based Executive IJCAI97

Approved for Public Release, Distribution Unlimited 7/20/0449 Architectural overview S Plant Obs Cntrl Model-based Embedded Programs S Continuous Reactive Commanding Continuous Mode/State Estimation Model Desiderata: languages that are Suspicious Monitor intentions and plans Self-Adaptive Exploits and generates contingencies State and Fault Aware Anticipatory –“Model-predictive languages” –Plans and verifies into the future –Predicts future states –Plans contingencies

Approved for Public Release, Distribution Unlimited 7/20/0450 Anticipated Challenges Software is harder than hardware: –Hardware recovers by leveraging backups, while software leverages alternative methods. –Models of software are more complex to specify. –While hardware’s topology is static, software’s topology dynamically changes. Performance –Software systems result in larger state spaces, making real-time response a challenge.