High-Confidence Control
Ensuring Reliability in High-Performance Real-Time Systems
Tariq Samad
Honeywell Automation and Control Solutions
Minneapolis, U.S.A.
tariq.samad@honeywell.com
Collaborators: Pam Binns, Mike Elgersma, Vu Ha
Research supported by DARPA/AFRL contract F33615-01-C-1848

Limitations of “Automation”
• Human operators are not needed for nominal conditions today
  • straight-and-level cruise flight in good weather
  • steady-state operation of process plants
  • urban roadways under light traffic flows
• Invariably, abnormal conditions require human intervention
• Autonomy implies appropriate responses to unforeseen situations
  • all control behaviors cannot be pre-compiled
• Much research in systems and control is focused on enabling autonomy
  • but there’s a theory/practice gap

The Theory/Practice Gap in Control
• Several new theoretical and analytical developments in systems and control over the last decade or two
  • nonlinear control
  • intelligent control
  • adaptive control
• Notable successes in practical applications, but the full potential of these and other techniques hasn’t been realized
• The problem isn’t incomplete theory, or a lack of simulation results
• The problem is the lack of “confidence” for real-time, life- and mission-critical applications
• Human operators are not primarily employed for performance, but for confidence

Difficulties with Determinism
• Current verification and validation (V&V) approaches are infeasible for future systems
  • focus on deterministic guarantees of safety
  • complex algorithms are analytically intractable
  • exhaustive analyses are impossible
• Promising alternative: probabilistic methods
  • algorithmic performance measures (inc. control stability)
  • Reliability and dependability analyses
  • Probabilistic online admission control
  • Statistical verification of execution properties: focus of our work

The Verification Problem for Advanced Control
• For safety- and mission-critical systems, verification practices today focus on exhaustive, worst-case analyses
  • e.g., ensure, under all conceivable conditions, that the calculation will complete within the deadline
• Computationally sophisticated algorithms are either avoided entirely, or only used in restricted, provably safe situations
  • nondeterministic execution times
  • computations performed depend on state and inputs
• Real-time control applications impose hard deadlines on computation
  • difficult to guarantee that calculation will be completed by deadline

Performance with Confidence
Characterization of computational assurance
Example problem: computation of trim solution
Iterative computation for x may or may not converge within deadline
Convergence a function of state and inputs
[Figure: acceptable and unacceptable regions over continuous dimension x1 and discrete dimension x2]
The conservative, deterministically verified region of acceptance: xmin < x < xmax

Characterization of computational assurance
[Figure: acceptable and unacceptable regions over continuous dimension x1 and discrete dimension x2]
The new, statistically verified region of acceptance

Asymmetric Penalties
Hypothesis h1 tolerates false positives in the interests of high performance
Hypothesis h2 is “minimally safe” for the given data set
Hypothesis h3 results in conservative decisions
• In most cases of interest, some degree of conservatism will likely be desirable

Some Basic SLT Results
• Assume we observe an empirical error (more generally, risk) of classification, Remp, based on a “training set” of m examples for classifiers from a hypothesis space H. The statistical learning theory model formulates how Remp differs from R:
• For any probability distribution D on X {-1,0}, any hypothesis h in H that makes k errors on a training set of m random examples will have a generalization error probability bounded as follows (the result applies with probability 1-δ and assumes that d m):
A distribution-free formulation!
• The result above is assured under fairly general conditions provided that (where d is the VC dimension of the hypothesis space H of classifiers we are considering):
~Independent of problem dimension!
Assumes “consistency” of H
Specialized for classification problems; consistency not assumed

VC Dimension
• Intuitively, a measure of the flexibility or richness of a hypothesis space
• Examples:
  • lines in R^2 have VC-dimension of 3
  • half-planes in R^n have VC-dimension n+1
  • axis-aligned hyperrectangles in R^n have VC-dimension 2n
  • n-sided polygons in R^2: 2n+1
  • k-sided convex polyhedra in R^n: 2k log2(ek)(n+1)

A Methodology for Statistical Verification
• Given a data set of m samples {(x1, y1), (x2, y2), …, (xm, ym)}
• Find hypothesis in hypothesis space H of VC dimension d with
  • zero false positives (i.e., wrong prediction of computing feasibility)
  • low false negatives (i.e., wrong prediction of computing infeasibility)
• Calculate ε_ub as
• ε_ub is an upper bound (with confidence 1-δ) of the true probability for a false positive
• Given H and confidence level δ, we can estimate safety as a function of m and vice versa
• Allows explicit tradeoff between safety and performance

OAV Features and Functions
Navigation performance:
• GPS has 20 ft. error: landing area must be 40 ft. in diameter and flat.
• Station location keeping is within 5 to 10 ft.
• Altitude is known within 5 ft.
Flight
• AV2 endurance: 95 minutes
• Speed: 100 kts
• Auto start, take-off/landing
• Waypoint designation at any resolution (direction, distance, speed).
• Blind descent: 1 ft/sec. descent with weight-on-wheel sensors; terrain data not required.
• Flight control allows for hover and translation maneuvers.

OAV Application
• OAV has lift surfaces in propulsion airflow
  • causes significant nonlinear interactions between thrust and surface variables
• Requires the online calculation of equilibrium angle of attack
• Initial dependency explored: net lift force and flight path angle
  • net lift force = ρν^2 S/2mg (ρ: air density, ν: speed, S: effective wing area)
  • flight path angle (γ) is zero for upright flight
• Currently working on 4-D problem
  • includes body-axis unit vector

Application in Progress
• Iterative equilibrium angle of attack computation for new small-scale UAV
• 2-d slice of computational complexity shown, as a function of two inputs to the computation
• Characterize region of performance where 2 iterations suffice (red region in graphs)
• Hypothesis space: logical combination of four quadratics
• Realistic 4-d application in progress
Upper bound on probability of unsafe condition is 0.045, with 95% confidence
Can increase safety with more samples or lower VC dimension
m = 700000
VC dimension = 137
δ = 0.05 (95% confidence)
ε_ub = 0.045

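The formula for the upper bound did not survive on the methodology slide, so the following is an added example, not the authors' code: it assumes the classical Vapnik VC bound, which reproduces the 0.045 figure quoted above for m = 700000, VC dimension 137 and 95% confidence. The function names are hypothetical; `samples_needed` covers the "vice versa" direction by searching for the smallest sample count that meets a target bound.

```python
import math

def vc_upper_bound(m, d, delta, k=0):
    """Upper bound on true error, holding with probability 1 - delta.

    Assumed form (Vapnik): k/m + sqrt((d*(ln(2m/d) + 1) + ln(4/delta)) / m)
    m: number of i.i.d. samples, d: VC dimension of the hypothesis space,
    k: errors of the chosen hypothesis on the samples (0 = zero false positives).
    """
    if not 0 < delta < 1:
        raise ValueError("delta must lie in (0, 1)")
    if d < 1 or m < d or not 0 <= k <= m:
        raise ValueError("need 1 <= d <= m and 0 <= k <= m")
    capacity = d * (math.log(2 * m / d) + 1) + math.log(4 / delta)
    return k / m + math.sqrt(capacity / m)

def samples_needed(eps_target, d, delta):
    """Smallest m whose zero-error bound is at most eps_target."""
    if not 0 < eps_target < 1:
        raise ValueError("eps_target must lie in (0, 1)")
    lo, hi = d, 2 * d          # the bound at m = d exceeds 1, so lo never passes
    while vc_upper_bound(hi, d, delta) > eps_target:
        lo, hi = hi, 2 * hi    # grow until the target is met
    while hi - lo > 1:         # bisect: the bound decreases in m for m >= d
        mid = (lo + hi) // 2
        if vc_upper_bound(mid, d, delta) <= eps_target:
            hi = mid
        else:
            lo = mid
    return hi

if __name__ == "__main__":
    # Values from the "Application in Progress" slide.
    print("eps_ub =", round(vc_upper_bound(700_000, 137, 0.05), 3))
    # Safety/performance tradeoff: samples required for tighter targets.
    for eps in (0.045, 0.02, 0.01):
        print(f"eps_ub <= {eps}: m >= {samples_needed(eps, 137, 0.05)}")
    # A smaller hypothesis space tightens the bound at the same m.
    print("d = 50:", round(vc_upper_bound(700_000, 50, 0.05), 3))
```

Because the bound shrinks roughly as the square root of 1/m, halving the bound costs somewhat more than four times the samples, which is why lowering the VC dimension is the other lever the slide names.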
Conclusions
• Automation is pervasive, autonomy is not
• High-performance algorithms aren’t sufficient; higher confidence implementations are needed
• One problem/solution: Statistical verification of advanced control software
• Many other possibilities to close the theory/practice gap
• Exciting opportunities for both research and impact!
• Multidisciplinary efforts essential