To do so, the error will be encoded into each sampler node message identifier: the higher the error, the lower the identifier. The sampler node with greatest er-.
Practical implementation of an optimal bandwidth allocation policy for distributed real-time control systems Manel Velasco, Pau Martí, José Yépez, Rosa Castañé, Josep Guardia, Jordi Ayza, Ricard Villà and Josep M. Fuertes Departament d’Enginyeria de Sistemes, Automàtica i Informàtica Industrial Universitat Politècnica de Catalunya Pau Gargallo 5, 08028 Barcelona {manel.velasco, pau.marti, jose.yepez, rosa.castane,josep.guardia, jordi.ayza, ricard.villa,josep.m.fuertes}@upc.edu
Abstract In recent years, approaches to control performance optimization for resource-constrained systems have been receiving increased attention. Most of them focus on theory, whereas practical aspects are omitted. In this paper we present a Controller Area Network (CAN) application profile that permits implementing distributed real-time control systems with control performance optimization.
1
Introduction
In real-time distributed control systems, restrictions imposed by resources such as processor capacity or network bandwidth limit application performance. Maximization of application performance requires using the scarce resources efficiently. Real-time theory addresses the problem of allocating and dispatching resources to meet real-time performance specifications. However, for control systems, the application of standard scheduling theory is not sufficient to guarantee the best control performance. It has been pointed out [2] that dynamic co-design approaches are the key to successfully design and implement flexible realtime control systems. In recent years, approaches to control performance optimization for resourceconstrained systems have been receiving in-
creased attention. For example, on-line approaches to co-design of control and uniprocessor allocation can be found in [4] or [6]. Most of these approaches focus on theory, whereas practical aspects are omitted, and their extension to distributed architectures is rarely mentioned. In this paper we apply the theoretical results on uniprocessor allocation presented in [6] to distributed systems. In [6], the authors introduced an optimal dynamic CPU management policy for control tasks that allocate the processor at run-time based on feedback information from the jobs that controllers are performing. First, we discuss how this result can be exploited to optimally manage bandwidth in networked embedded control systems. To do so, we identify the key aspects required to implement the optimal policy distributively. Afterwards, we review whether well-known communication paradigms (e.g., master/slave, token ring) can be used for the implementation. The discussion shows that Controller Area Network (CAN, [3]) is a good network candidate. Next, we describe how the optimal policy can be implemented in CAN. This requires to specify the type of nodes (sensors, controllers and actuators) and the message classes that are exchanged among them. This specification ends with the definition of an application profile tailored to networked embedded sys-
tems with control performance optimization. Finally we show the simulation results, which validate the applicability of the presented profile.
2
Background
This section summarizes the theoretical results presented in [6]. A uniprocessor system with multiple control loops was considered. Due to resource limitations, the controllers cannot all simultaneously run at their highest possible sampling frequency, and so cannot provide the best possible control performance (equivalent to the one they would provide if they were running in isolation). The problem to be solved is how to assign the scarce CPU resources to the set of controllers so that overall control performance is maximized (or resource usage minimized), knowing that controllers will provide better control performance when given more resources. The allocation problem will be solved applying a feedback architecture, whose basic operation can be summarized as follows: at each control loop operation (which occurs once per period), the plant is sampled and this information 1) is used by the control algorithm to compute and output the control signal, and 2) is feed back to the operating system in order to allow the system to re-allocate resources to maximize overall control performance. 2.1
Problem formalization
There are n controllers, each one controlling a plant, and competing for the computing resources. Each plant i can be described by the ordinary vector differential equations (1) and (2), x˙ i (t) = fi (xi (t), ui (t), t) yi (t) = di (xi (t))
t ∈ R+
(1) (2)
where functions fi and di are linear, ui (t) is the control input to the dynamical system, and T the vector xi (t) = [x1i (t), . . . , xn is the i (t)] state of the system at time t, and its elements are called state-variables.
The norm of the state vector (also called error ), (3), ei = |xi (t)| (3) is the feedback information to be used for the system to re-allocate resources ri to each controller. Each control task implements the three main actions to be performed in each closed loop operation (sampling, control algorithm computation, actuation) sequentially, and it is characterized by its period hi (corresponding to the sampling period), its worst case execution time ci , and we specify its deadline equal to its period. The partial utilization factor of each task, also called rate, ri (4), ri =
ci hi
(4)
is the CPU share (resource requirement) that each control task demands for a given period. For each control task, since the worst case execution time is constant, any variation in the task rate implies a variation in the task period (and vice-versa). In addition, for each control task we specify a performance criterion pi (ri ) that represents the control performance under different task rates, ri . As pointed out in [4], the relation between control performance (measured using either a standard quadratic or a linear performance index) and a range of allowed periods can be approximated by a linear relationship. Therefore, for a given control task i, we approximate its performance criterion pi (ri ) by a linear increasing function (5). pi (ri ) = αi ri + βi
(5)
Parameters αi and βi in (5) are specific for each control loop and can be obtained prior to system run-time. To permit assigning resources according to the dynamics of each plant, we re-scale each performance criterion of each control loop by the error ei of the controlled system. Finally, we also consider the current system load and the number of processes executing. At the system level, each control task τi can be characterized by its rate ri , its performance
criterion pi , and its plant error ei , as represented by (6) τi = {ri , pi , ei }
(6)
With this information, for a given set of n control tasks, τ1 , . . . , τn , the problem is to determine the task rates ri , i = 1, . . . , n, such that all the tasks are schedulable and the overall control system performance is maximized. 2.2
Optimal resource allocation policy
As shown in [6], the resource allocation can be formulated as a linear constrained optimization problem n
maximize
wi ei pi (ri )
(7)
ri ≤ U d
(8)
i=1 n
subject to i=1
where wi are weights that provide the mechanism for appropriate comparisons among the control loops. The solution ~r = [r1 , r2 , . . . , rn ] is given by the following theorem: Theorem 1. The optimal solution ~r = [r1 , r2 , . . . , rn ] of the optimization problem (7) and (8) is ~r = [0, 0, . . . , 0, ri = Ud , 0, . . . , 0], 1 ≤ i ≤ n, such that wi ei αi is maximum ∀i ∈ [1 . . . n], if the set of control tasks is described by (6). Observation 1. In terms of resource allocation, the theorem states that we should assign all the available CPU (that is, Ud ) to the control task with maximum wi ei pi . If all of the functions pi and all the weights wi are the same, we should assign all of the available resources to the control task with the largest error ei . In practice we need to assign a minimum rate to the rest of the control tasks so that stability tests can be performed and they can continue to monitor the state of their controlled systems. Thererfore, the theorem dictates that the control task with the largest error should receive all of the resources remaining after every task has received its minimum.
Observation 2. The implementation of the optimal policy requires keeping track of which task has maximum wi ei pi . Therefore, is it necessary to have all this information centralized in the resource manager for the allocation assignment. 2.3
Controller design
The application of the optimal policy requires the implementation of controllers capable of running with different sampling frequencies We design controllers for the class of linear systems (that can be specified by (1) and (2)) using classic design procedures. In the end, each control law is an algorithm that depends on the sampling period, Li (hi ). For each controller, we specify a range of sampling periods hi = [hi,min , . . . , hi,max ] for which the closed loop requirements are met and allow the controller, implemented within a task, to execute with a run-time period that belongs to the specified range, adapting the gains accordingly (following the techniques presented in [8] and [1]). For this type of closed-loop systems, stability can be analyzed for example using the approach described in [5]. Note that each controller will demand a maximum rate ri,max given its hi,min and a minimum rate ri,min given its hi,max 1 .
3
Toward a distributed implementation
In this paper, the applicability of the theoretical results for the uniprocessor architecture will be extended to a network architecture. In the networked architecture, each plant (described by equations (1) and (2)) and controller constitute a closed loop and each controller is assumed to be implemented in separate nodes. Nodes perform sampling, control algorithm computation and/or actuation and exchange sample and/or control signal information through a network shared by all nodes of all control loops. Therefore, network bandwidth is the scarce shared resource that must 1 Henceforth, we will omit the subscript i when not required
be allocated among the control tasks. 3.1
Problem to be solved
For each control loop, at each sampling period hi , the time spent on the messaging required to perform each closed loop operation—which may include data exchange from sensor to controller, and from controller to actuator— is given by mi . mi is assumed to be constant, and should occur within each period. Analogous to CPU utilization (see eq. (4)), the partial utilization factor of each control loop configuration on the network, also called bandwidth, bi (9), is the resource requirement that each control loop configuration needs for a given period. Any change in bi will imply a change in hi (and vice-versa). bi =
mi hi
(9)
Taking into account the bandwidth requirements of each control loop given in (9), the distributed allocation problem is analogous to the centralized problem: how to assign the scarce network bandwidth to the set of control loops such that all messages are schedulable and overall control performance is maximized, knowing that the controllers will provide better performance given more network bandwidth. This analogy permits to apply theoretically the optimal solution stated in Theorem 1 to the networked case. However, its practical applicability is not immediate because its implementation requires having centralized all the information demanded to solve the allocation problem (recall Observation 2). And this may not be easily achieved (in terms of information exchange, overhead, etc) in a networked scenario. In the networked architecture, we can distinguish two scenarios. Given a master/slave architecture where the master node is responsible for the bandwidth allocation and coordinates the communication activities of all nodes2 , the practical application of the optimal policy seems feasible. 2
In a master/slave configuration, slave nodes send messages as instructed by the master. Therefore,
For example, the flexible time-triggered paradigm applied to networks [7] is an existing scheduling framework that would support the application of the optimal policy in a master/slave architecture. In such a configuration, the sampler node of each control loop can send the state of the controlled plant to the master node. The master node, knowing the state of all controlled plants and all control loop message requirements, can act as a resource manager in the same way as in the uniprocessor architecture. The primary limitation of this centralized approach to networked control is that it assumes the existence of a master node that knows the current state of all controlled plants and all control loop message requirements. Maintaining a global state can be problematic in practice, introducing additional latency and a central point of failure, and increasing overall system messaging traffic. A system based on a token-based protocol will suffer from the same problems. Without assuming that all the information required to solve the allocation problem is localized in a single node, a different solution is required. 3.2
The selection of CAN
We will focus on a networked architecture where the information needed to decide which node should be granted access to the network is not centrally located. Although several protocols for distributed decision making are possible (e.g., token-based protocols), we will focus on CAN and its bit-wise arbitration. The CAN protocol is an international standard defined by ISO 11898. CAN is based on the broadcast communication mechanism, where every message has an identifier, which is unique within the whole network. The identifier defines content and also the priority of the message. The lowest binary number has the highest priority. Bus access conflicts are resolved by bitwise arbitration of the identifiers involved. when a message is transmitted, all the bandwidth is guaranteed to the transmitter, which assures a constant message transmission time.
This happens in accordance with the wiredand-mechanism, by which the dominant state (zero) overwrites the recessive state (one). Therefore, transmission requests are handled in order of their importance for the system as a whole. For the implementation of the optimal policy, the node with highest error should be granted bus access. To do so, the error will be encoded into each sampler node message identifier: the higher the error, the lower the identifier. The sampler node with greatest error wins the right to transmit. However, this encoding means to assign all the available communication bandwidth to the sampler node with greatest error, as mandated by the optimal policy. But a minimum bandwidth share has to be also given to the other sampler nodes. In addition, controller nodes need to access the bus to send control signal messages to the actuator nodes. And this has to be done as soon as the control signal is calculated from an incoming sample message. Therefore, a more accurate message encoding and network planning is required.
4
Application profile
In order to easily implement the statefeedback based resource allocation policy on a networked embedded system based on CAN, we define an application profile. We will focus on CAN extended frames, supporting a length of 29 bits for the identifier (formerly known as CAN 2.0 B); but the extension to CAN base frames, supporting a length of 11 bits for the identifier (formerly known as CAN 2.0 A), is straightforward. In order to implement the optimal policy, the application profile should allow the following functionalities. Firstly, control signal messages should have the highest priority in order to be guaranteed and thus minimize latencies in each control loop operation. Also, sampler nodes with low errors should be assigned a minimum bandwidth share. Secondly, noncontrol messages should behave as expected in terms of being granted bus access once control messages and sampler node with low er-
ror messages are granted. Finally, the sampler node with highest error should be assigned the bandwidth left over. The accomplishment of these functionalities can be easily achieved by deploying each networked control loop using the following type of nodes and messages. 4.1
Nodes
Four types of nodes are defined. 1. Sampler nodes: they sample the plant ceaselessly, compute the plant error, and try to send this information (plant error and plant state) over the bus. 2. Controller nodes: each controller node receiving a sampler message, will compute the control signal (using the plant state) and send it to the corresponding actuator. 3. Actuator nodes: they apply the control signal to the plant upon reception of the control signal message. 4. Other nodes: they perform other noncontrol activities. 4.2
Messages
We define four messages classes, as illustrated in Figure 1, which can be distinguish by the first two bits of the message identifier. • 00: This class contains the highest priority messages, which are always granted to win bus access. These messages will be used by controller nodes to send control signal messages to actuator nodes. After the first 2 bits, the following 16 bits will encode the 1’s complement of the control signal, and the 8 following bits will encode the sampler node identifier (the 3 less significant bits of the 29-identifier field are not used). By doing this, we shorten the length of the message (data field is empty), and allow messages with higher control signals to win access on the bus. The later will be required in the case of a collision between control signal messages. Although this situation
• 01: This class contains the second higher priority messages, which are also always granted to win bus access. These messages will be used to allocate a minimum bandwidth share to each sampler node. Each sample node will issue a message of this class every hmax . Apart from the first 2 bits, the following 16 bits will encode the 1’s complement of the plant error, and the 8 following bits will encode the sampler node identifier (as before, the 3 less significant bits of the 29-identifier field are not used). The 8 bytes of data field will contain the plant state that will be used by the corresponding controller node for computing the control signal. Although collisions between messages 01 are unlikely to occur4 , the 1’s complement of the plant error will permit to resolve it in favor of the node with greatest error. As before, the sampler node identifier is required for filtering purposes. The bandwidth requirement for these messages is given by each hmax , which is a design parameter of each control loop of the networked architecture. • 10: This class contains all non-control messages. Therefore, the identifier encoding of these messages should be as thought originally, but with 10 in the first 3 Collision of control signal messages will never occur because in the whole networked system, only one controller at a time will send a message. Recall that controller nodes only send message triggered by sampler messages. And at any give time, only one sampler message will be transmitted on the bus. 4 Collisions will occur depending on the hmax values of each sampler node. If they occur, a predictable serialization of these message has been established by the inclusion of the plant error in the message identifier
8 bits 3 bits
2 bits
should never occur3 , this encoding solves the problem in a predictable fashion. The sampler node identifier is required in order to allow each controller node to filter messages and only receive those messages that have been sent by its sampler node. Note that the bandwidth requirements for these messages depends on the frequency of the sampler messages.
16 bits
00 Control signal ID 01 Error value
ID
10 Rest of applications 11 Error value
ID
29-bit identifier
Plant state General purpose message Plant state 8-byte data field
Figure 1: Bit encoding of message classes
two bits. • 11: This class contains the lowest priority messages, and they are not guaranteed (best effort messages). These messages will be used by all sampler nodes to send as many sampler messages as possible. After the first 2 bits, the following bits encode the same information as for messages of class 01. Similarly, the 8-byte data field will contain the plant state. Note that messages of this class are not granted, and that the sample node with highest error will always win access to the bus in front of the other sampler nodes. By doing so, we will be assigning the bandwidth left over to the node with highest error, as specified by the optimal policy. As mandated by the application profile, a) control signal messages (class 00) will always win bus access in front of any message of the other classes, b) granted sampler messages (class 01) will always win bus access in front of general purpose messages (class 10) or best effort sampler messages (class 11), and c) best effort sampler messages will only be transmitted after all the other messages. 4.3
Discussion
By using this application profile, we achieve the bandwidth allocation mandated by the optimal policy without requiring a centralized bandwidth management. Note that the number of closed-loop systems that the network may support will be lim-
ited by the bandwidth required by the granted messages (classes 00 and 01). If the network bandwidth is equal to the bandwidth required by granted messages and non-control messages, control loops will behave correctly but no control performance optimization will take place. When not all the bandwidth is occupied (e.g., when non-control message bandwidth requirements decrease, or when the granted messages for all control loops can not occupy the bandwidth left by noncontrol messages), then, the control performance optimization will take place because messages of class 11 will start being transmitted, thus having more bandwidth for the control loop with highest error. If the network bandwidth is less than the one required by granted messages and noncontrol messages, the overall system of course can not be implemented.
5
Simulation Results
To exemplify the application of the presented profile, we present a simulated experiment in which two inverted pendulums are distributively controlled over CAN. The two controller nodes implement the same control algorithm whose feedback gain has been designed using standard pole placement techniques. The initial state for both pendulums is different. For pendulum 1, x1 (0) = [0, 0, 0.7, 0]T whereas for pendulum 2 x2 (0) = [0, 0, 0.6, 0]T . For both pendulums, the minimum bandwidth share required to fulfill the control specifications is given by hmax = 0.01s. In order to illustrate the application of the optimal policy, pendulum 2 is perturbed at time t = 0.1s (the perturbation affects the pendulum cart velocity). Simulation results are illustrated in Figures 2, 3 and 4. In these figures, the horizontal axis corresponds to the time of the simulation. However, the time scale has been substituted for a scale based on the number of messages sent over the bus. This makes easier the comparison between pendulums responses as well as the analysis of the network traffic. For ex-
Angle (rad) 0.8 0.6
Pendulum 2
0.4 0.2 0 −0.2
Pendulum 1
−0.4 −0.6 −0.8 0
50 100 150 200 250 300 350 400 450 500 Messages on bus
Figure 2: System output (angle)
ample, recall that a perturbation on pendulum 2 takes place at time t = 0.1s. Using the new scale, this corresponds at message number 100. Figure 2 shows each pendulum angle’s dynamics achieved by the optimal policy during a simulation of 0.5s (time enough to stabilize both pendulums). The dynamics before message 100 are similar with an small difference due to the different initial conditions. After message 100, the perturbation on pendulum 2 deviates its dynamics. Figure 3 shows the resulting schedule (traffic) on the bus, and permits to observe the bandwidth allocation between the two control loops. The figure presents two squared lines corresponding to the traffic associated to control each pendulum. The upper line corresponds to pendulum 2 and the lower line to pendulum 1. Each line takes two possible values, message on bus and denied access. Line i (i = 1 for pendulum 1 or i = 2 for pendulum 2) in value message on bus indicates that pairs of sampler message and control signal message, (si , ci ), are being sent. Due to the large amount of messages appearing in the simulation, we give at the bottom part of Figure 3 a detailed view of the first messages. Grey represents the messages sent by sensor and controller of pendulum 1, and black represents the same for pendulum 2. At the beginning of the simulation, t = 0s, pendulum 1 and 2 have initial errors 0.7 and 0.6 re-
4
Error x 10 2.5
Pendulum 1
message on bus from pendulum 2
Pendulum 2
2
denied access
1.5
message on bus from pendulum 1 1
denied access
0
0.5
50 100 150 200 250 300 350 400 450 500 Messages on bus
0 0
50 100 150 200 250 300 350 400 450 500 Messages on bus
2
h
h
h
Pendulum 1 Priority change
Pendulum 1 messages
Pendulum 2
Pendulum 2 messages
Figure 3: Bus schedule
spectively. Therefore, the best effort sampler messages of pendulum 1 will have higher priority (higher error, thus lower identifier) than the ones of pendulum 2, thus winning the arbitration (first black segment). As a consequence, pairs of (s1 , c1 ) are being sent. Hence, the leftover bandwidth is occupied by the messaging of the plant with highest error, as mandated by the optimal policy. Once the control signals for pendulum 1 start having effect, at message 9 approximately, the error for pendulum 2 becomes the largest as we will further explain in the description of Figure 4. Therefore, a priority change takes place, and pairs of best effort sampler messages (s2 , c2 ) start being sent (gray segment) instead of pairs (s1 , c1 ). Again, the leftover bandwidth is still being used by the messaging of the plant with highest error, fulfilling the principles of the optimal policy. However, during this period, a pair (s1 , c1 ) appears at each hmax (small black strips at each h in the detailed view of Figure 3), which corresponds to the granted sampler messages (and corresponding control signal messages) for pendulum 1 that permit to have this pendulum controlled. In other words, small black strips at each h correspond to the minimum bandwidth assigned to the control loop that
0
10
20
30
40
50
60
Figure 4: Error dynamics
does not have the highest error, as mandated by the optimal policy. Also, in Figure 3, it can be clearly observed that, after message 100 (0.1s), the perturbation on pendulum 2 takes place, which triggers a bandwidth re-distribution. Before the perturbation, almost all the available bandwidth was being utilized by pendulum 1 (except for the granted pairs (s2 , c2 ) at each hmax ). After the perturbation, pendulum 2 has a larger error. Hence, almost all bandwidth is utilized by pendulum 2 (except for the granted pairs (s1 , c1 ) at each hmax ). To further illustrate the results of the application of the presented profile, Figure 4 shows the evolution of each pendulum error during the simulation time. As it can be seen in the zoomed view of Figure 4, at message 9, a priority exchange takes place because pendulum 2 has a greater error than pendulum 1. Also, at message 100, the perturbation on pendulum 2 increases its error. In summary, the definition and utilization of the application profile for networked embedded systems permits to easily implement the optimal policy without requiring a centralized
resource manager. It is the CAN arbitration mechanism that distributively coordinates the bandwidth allocation mandated by the optimal policy.
6
Conclusions
We have presented an application profile for networked embedded control systems that allows to implement an optimal bandwidth allocation policy using the bit-wise arbitration of CAN. The application profile permits to implement the policy without requiring a centralized bandwidth allocator manager. Simulation results have validated the applicability of the presented profile.
References [1] P. Albertos and J. Salt. Digital regulators redesign with irregular sampling. In 11th IFAC World Congress (Preprints), volume 8, pages 157–161, 1990. [2] K.-E. Årzén and A. Cervin. Control and embedded computing: Survey of research directions. In 16th IFAC World Congress, Prague, Czech Republic, July 2005.
[3] R. Bosch. Road vehicles - controller area network (can) - iso 11898. 1986. [4] A. Cervin, J. Eker, B. Bernhardsson, and K.E. Årzén. Feedback-feedforward scheduling of control tasks. Real-Time Systems, 23:25–53, July 2002. [5] M. Dogruel and U. Özgüner. Stability of a set of matrices: A control theoretic approach. In Proceedings of the 34th IEEE Conference on Decision and Control, Sept. 1995. [6] P. Marti, C. Lin, S. Brandt, M. Velasco, and J. M. Fuertes. Optimal state feedback based resource allocation for resource-constrained control tasks. In Proceedings of the 25th IEEE Real-Time Systems Symposium, Dec. 2004. [7] P. Pedreiras and L. Almeida. The flexible timetriggered (FTT) paradigm: An approach to qos management in distributed real-time systems. In International Parallel and Distributed Processing Symposium (IPDPS’03), Apr. 2003. [8] B. Wittenmark and K. J. Åström. Simple selftuning controllers. Unbehauen, Ed. Methods and Applications in Adaptive Control, Lecture Notes in Control and Information Sciences, 24:21–29, 1980.
