tions, node synchronization, and consistency of state variables. Without ... the Department of Automatic Control at Lund Institute of Technology. DICOSMOS is.
Timing Problems in Real-Time Control Systems Johan Nilsson
Björn Wittenmark
Ericsson Mobile Communications AB, Lund Earlier: Dept. of Automatic Control, LTH
Department of Automatic Control Lund Institute of Technology Lund
Martin Törngren
Martin Sanfridson
Department of Machine Design Royal Institute of Technology Stockholm
1. Introduction The industrial trend in embedded systems is than an increasing amount of control applications are implemented in distributed computer systems. Additional problems then face the designers such as significant and potentially varying end-to-end time-delays, the fact that data may be lost on the network, and that one or more nodes, or even parts of a node, may experience errors. Of course, similar effects can occur in single processor systems with run-time scheduling, but the problems become more apparent in distributed systems, which include aspects on scheduling processors and communications, node synchronization, and consistency of state variables. Without global synchronization, additional delays will arise in feedback loops that are closed over a network and in systems with several cooperating controllers working with different sampling periods (multirate systems). Many trade-offs exist depending on the requirements and the particular application considered. Research on timing problems in control systems was initiated early in the DICOSMOS project, Wittenmark et al. (1995). It turned out that very little work have been devoted to this interdisciplinary problem, neither from the control nor the computer engineering perspective. Different design constraints may necessitate a solution taken from both of these approaches. Interdisciplinary design and research approaches are obviously beneficial in that they open up new opportunities for designers as well as research directions. Within DICOSMOS we have attempted to tackle both these perspectives by following research directions on
• Design techniques for computer systems, in particular scheduling and allocation approaches, to appropriately support control systems. • Control design techniques that take e.g time-varying delays and data-loss into account and provide compensation. Control systems often rely on that actions in the control system are done synchronized. In a distributed control system this may not be the case. If no schedule is used for the network connecting different parts of a control system, the communication of sensor
1
and actuator signals may be delayed a random time due to varying system load. Similar effects can occur in one-processor systems with dynamic scheduling. In the case with a schedule for network transmissions the schedule has to be synchronized with sampling periods in the control system to avoid jitter effects. In a system with many different sampling periods this may not be possible, leading to delay variations. A system using dynamic scheduling of communication services is also more flexible. For instance, new units can be added without redesigning the schedule. Some research groups have been working on the setup with random delays from sensor to controller and from controller to actuator. Within the DICOSMOS project a PhD-thesis has been written on the topic, Nilsson (1998a). The DICOSMOS research project is a cooperation between Computer Engineering at Chalmers, the Mechatronics Lab at the Royal Institute of Technology, and the Department of Automatic Control at Lund Institute of Technology. DICOSMOS is supported by NUTEK in the Complex Technical System program: System Architecture.
2. State of the Art In this section we give short summaries of the approaches tried for systems with varying delays. Two different approaches are discussed: scheduling and controller design. I.e. the problem is looked upon from the real-time computing as well as the controller design point of view. 2.1 Timing behavior models and requirements of sampled systems Requirements and models for design of control applications to ensure appropriate timing behaviour are given in Törngren (1998). Sources and models for characterizing timevariations in distributed computer systems are investigated, in particular with relation to control system induced delays and time variations of sampling periods. The delays and time variations are investigated with respect to different execution strategies, for instance
• whether activities are time or event triggered • whether activities are synchronized, i.e. driven by the same clock or trigger • the scheduling policies used This study gives an understanding of scheduling and synchronization requirements leading to a successful implementation of a control system in a distributed computer system. The study also provides some understanding of the relations and difficulties in mapping the required timing behavior with the models provided by scheduling theory. A large body of the work in real-time scheduling is based on relatively simple timing behavior models for ‘tasks’ which execute periodically and have additional timing requirements in the form of deadlines, i.e. the execution each period must finish before the deadline has expired. Given a sampling period, h, and the release time of the first invocation of the task, R, the release times ri of subsequent invocations are given by r i � R + ( i − 1) h
(1)
More elaborate models exist e.g. including release times (or offsets), precedence relations between tasks, communication between tasks, see e.g. Audsley et al. (1995). Such models, together with associated scheduling algorithms, form the basis for a large body of theoretical research. Despite this the models are not directly suitable to describe sampled data systems, see Törngren (1995) and Redell (1998). The key to utilize such research results is therefore to develop suitable real-time behavior models of control systems, and to provide a facility for mapping these requirements to the standard scheduling models, or alternatively to develop new algorithms. The real-time requirements that the control design pose on the scheduling include: constant delay between sampling and actuation, synchronization of multiple sampling
2
or actuation functions and jitter minimization, Törngren (1998). In a typical control scenario, the following functionality is expected: A sampler samples the output of the controlled system with a fixed period h, such that the time of the kth sampling is given by tsample( k) � tsample( k − 1) + h ± tolsample where tolsample is the allowed tolerance. The controller performs the control computations, which may involve communication, in order to compute an appropriate control signal. Unless the total time delay incurred by this is negligible, it is preferable from the control design to impose a requirement on a constant delay, τ , from sampling to actuation. The timing requirement becomes tactuate( k) � tsample( k) + τ ± tolactuate As for sampling, the actuation of multiple inputs is assumed to be performed simultaneously (or with constant relative phases) for all system inputs. That is, in addition a synchronization tolerance is required. Just like in other areas of engineering, the tolerances on sampling and delay describe the fact that a deviation from nominal specifications is acceptable in terms of performance. The tolerances increase the possibility to find a feasible schedule for a system and should be part of the implementation requirements. These timing requirements are formalized in a model, Törngren (1995), by introducing the notion of precisely time-triggered actions and timing and triggering diagrams as a means for specification. The expression precise time-triggering is used to describe the requirement of a function to be invoked precisely at a given time within some jitter tolerance. It does not suffice to release a precisely periodic task at the given time – it needs to start executing in a window defined by the tolerance. This opposes to the most commonly adopted meaning of time-triggered systems in scheduling theory; in general, periodic tasks are required to execute exactly once every period and complete before their deadline, but they are not required to run exactly one period apart. Furthermore, the relationship described by Eq. (1) between the release times of different invocations of a periodic task differs from the specification of start times of the precisely periodic task. This requirement leads to what is called a relative timing constraint because start time depends on the preceding start time. The relative timing constraints are very difficult to account for in both local and global scheduling. Relative timing constraints are not always constraints on different instances of the same task. They can also appear on communications between instances of different tasks, possibly running with different periods. Another problem is the synchronization constraint that limits the time difference between the execution of different tasks without using precedence relations. Redell (1998) investigated several optimization methods for global scheduling (i.e. combined allocation and scheduling) including list scheduling (heuristics), branch-and-bound and genetic algorithms. It was found that not many approaches, i.e. models, exist in which the control specific requirements have been considered. One exception is the work by Cheng and Agrawala (1994) and Cheng and Agrawala (1995). The surveyed methods are, however, flexible in the sense that they can handle any kinds of constraints, but inflexible since they generally require a lot of tailoring effort by the system designer to function with various kinds of problems. Constraint programming and branch-and-bound are expected to be the most easily tailored methods, and therefore most suitable for being used by a general scheduling tool. 2.2 Control design aspects Even a ‘perfectly’ scheduled and synchronized system suffers from transient and permanent errors. Consequently, there is a need to understand the sensitivity of a feedback control system with respect to, for example, loss of samples and time-varying delays. Different approaches to compensate for the time variation will now be described.
3
Make the System Time-Invariant In Luck and Ray (1990) the closed loop system is made time-invariant by introduction of buffers at the controller and actuator nodes as illustrated in Figure 1. All nodes are clocked and synchronized. By making the buffers u(t) Actuator node
.. .
h
y(t)
Sensor node
Process
Buffer
Network
τ sc k
τ ca k
Buffer Controller node
...
wk
Figure 1 In Luck and Ray (1990) buffers are introduced after the varying communication delays to make the system time-invariant. The buffers must be longer than the worst case communication delay.
longer than the worst case delay the process state can be written as x k+ 1
�
Axk + Buk−∆1
yk
�
C xk ,
where ∆ 1 is the length in samples of the buffer at the actuator node. If the buffer at the controller node is assumed to have the length ∆ 2 samples, the process output available for the controller at time k is wk � yk−∆2 . The design problem is now reformulated as a standard sampled data control problem. The information set available for calculation of uk is
W k � {wk , wk−1, . . . }. In Luck and Ray (1990) the LQG-optimal controller, uk � ξ (W k ), is derived. An advantage with the method is that it handles control delays that are longer than the sampling period. A serious disadvantage with the method is that it makes the control delay longer than necessary. In Nilsson (1998a) it was shown that performance can be increased by having event-driven controller and actuator nodes. By using event-driven nodes we make the control delay smaller, but we get a time-varying system, which is harder to analyze and design. Stochastic Approaches: Ray Group In Liou and Ray (1991) a scheme with timedriven sensor, time-driven controller, and event-driven actuator, is studied. The sensor and the controller are started with a time skew of ∆ s . The probability that the new sensor value has reached the controller when the control signal is calculated, P(τ ksc < ∆ s ), is assumed to be known. If τ ksc > ∆ s the new control signal is calculated without knowledge of the new measurement signal. The actuator node D/A-converts the new control signal
4
as soon as it is transmitted to the actuator node. A discrete time augmented plant model is derived by introducing the delayed signals as states in the augmented plant model. The augmented plant model can be written as x k+ 1 � A k x k + B k u k ,
(2)
where Ak and Bk are stochastic matrices due to the random communication delays. The LQ-optimal controller is solved for the problem setup by (2). It is also discussed how to construct a state estimator in the case when all states are not measured. It is claimed that timestamping of signals is important for estimation of process state. For the problem setup in Liou and Ray (1991) it is not known if the combination of optimal controller and the proposed state estimator is the optimal output feedback controller, i.e., if the separation principle applies. The LQ-controller of Liou and Ray (1991) is used in Ray (1994) together with a stochastic state estimator. The timing setup is the same as the one used in Liou and Ray (1991). The estimator is designed to minimize the variance of the state prediction errors. The combination of the LQ-controller and the minimum variance estimator is introduced as the DCLQG-controller, delay compensated LQG. It is stressed that the separation principle does not hold for the DCLQG-controller, i.e., DCLQG-controller is a suboptimal control scheme. In Tsai and Ray (1997) the LQCDC-compensator, a linear quadratic coupled delays compensator, is presented. In this setup the sensor and actuator have a constant skew. The delays from sensor to controller, and from controller to actuator have known distributions and are bounded by the sampling interval T , which means that the proposed controller manages total loop delays of 2T . From the setup it follows that 0, 1, or 2 new measurements arrive during a controller sampling period. Due to this the newest measurement may be unavailable for the controller. The controller uses either the signal yk or yk−1 for control signal calculation. Which one used is unknown to the controller when control signal calculation is done. The control signal is sent to the actuator, where it is immediately used at the actuator terminal. The controller parameters are designed to minimize an LQG-cost function. It is stated that the state feedback and state estimation problem can not be separated, i.e., the separation principle, which is well known for systems without random delays, does not apply. Stochastic Approaches: Lund Group The Lund group is the DICOSMOS-group at the Department of Automatic Control at Lund Institute of Technology. Most of the results from the Lund group are collected in the thesis Nilsson (1998a). The system is modeled to have a sensor node that is time-driven, i.e. periodic sampling. The controller and actuator nodes are modeled to be event-driven. The transmission delays are modeled to be random with a known distribution. Using a probability distribution with support at only one delay value, time-driven setups can also be modeled. Two delay models have been studied:
• Random delays that are independent from transfer to transfer, • Random delays with probability distribution functions governed by an underlying Markov chain. The control loop can be illustrated with the block diagram in Figure 2. It has been shown how to analyze stability and expected performance of linear controllers where the network delays are described by one of the two network models above. Methods to evaluate quadratic cost functions have been developed. Using the same analysis method we found criteria for mean square stability of the closed loop for the different network models. The Linear Quadratic Gaussian (LQG) optimal controller has been developed for the two delay models. The derived controller uses knowledge of old time delays. These can be calculated using timestamping of messages in the network. Timestamping means that every transfered signal is marked with its time of generation. The receiving node can
5
h y(t)
u(t) Actuator node
Sensor node
Process
τ ca k
Network
τ sc k
Controller node ca Figure 2 Distributed digital control system with induced delays, τ sc k and τ k .
then calculate how long the transfer delay was by comparing the timestamp with the node’s internal clock. It has been shown that the separation principle can be used for the optimal controller. The optimal controller is uk � − L(τ
� sc k )
xˆ ktk u k− 1
� ,
where τ ksc is the last delay from sensor to controller, and xˆ ktk is the Kalman estimate of the process state, see Nilsson et al. (1998b). The design and analysis calculations have been implemented as a Matlab toolbox, see Nilsson (1998b). In Nilsson et al. (1998a) and Wittenmark et al. (1998) time delays in synchronous and asynchronous loops are analyzed. Stochastic Approaches: Özgüner Group In Krtolica et al. (1994) control systems with random communication delays are studied. The delays, from sensor to controller and from controller to actuator, are modeled as being generated from a Markov chain, see Figure 3. Only one of the β i coefficients in Figure 3 is one, all the others are zero.
yk
∆
∆
⋅⋅⋅
β D2
β0
wk
∆
+
Figure 3 The network model used in Krtolica et al. (1994). The sampled signal, yk , is delayed a number of samples due to communication delay. The controller reads the signal wk . Only one of the β i coefficients is one, the others are zero.
6
Notice that the delay must be a multiple of the sampling period, i.e., all nodes are clock driven. It is shown that the closed loop system can be written as z k+ 1 � H k z k , where Hk depends on the state of the delay elements depicted in Figure 3. The sequence of β i is generated by a Markov chain. Necessary and sufficient conditions are found for zero-state mean-square exponential stability. The resulting stability criterion is that the solution of two coupled (Lyapunov-like) equations need to be positive definite for stability of the closed loop system. The problem formulation and solution used in this approach has clear connections to the theory of jump linear systems. In Chan and Özgüner (1995) a setup using the Ford SCP Multiplex Network hardware is studied. The communication delay is modeled as in Figure 4. There is a queue of unsent sensor readings at the sensor node. A simple form of timestamping is done by appending the size of the queue to every message that is sent from the sensor node to the controller node. It is shown that by this method the controller node can reduce its uncertainty about which sensor reading it is using down to two possible cases. By knowing the probability for the two possible cases of delay, a state estimator is constructed. The sensor node and the controller node are both time-driven with a skew of ∆ sp. It is also shown how pole placement can be done for the described setup. Queue yk
Communication link
ωk
Single register
Figure 4 Block diagram of the transmission from the sensor node to the controller node in Chan and Özgüner (1995). The sampled signal yk is delayed during the transmission to the controller node. The controller reads the sensor value ω k from a register in the controller node. A simple form of timestamping is done by appending every message with the size of the queue when the message was sent.
3. State of Practice Control loops closed over communication networks are used in many applications. The authors know of no commercial system using the more advanced design methods discussed in the last section. These are so far only used in experimental testbeds. The first thing to introduce in more advanced distributed control system would probably be timestamping of signals to get a more reliable state estimator. This extension would easily fit in the frequently used state-feedback/state-estimator paradigm. It is common for advanced hard real time control systems, e.g. aircraft and industrial robots, to rely on handicrafted static scheduling with a basic synchronization service. Systematic approaches are beginning to emerge as results from scheduling theory are beginning to be used in industry. Of course there are many pragmatic approaches that are capable of dealing with smaller real-time systems; typically utilizing conventional priority based scheduling and a real-time executive/operating systems (see e.g. Klein et al. (1993)). Timing problems are becoming more difficult to handle in distributed systems as new control applications
7
are being added. Ad hoc approaches then lead to problems regarding system verification and understanding.
4. Problem Characterization/Identification In this section we list some problems that would be nice research problems.
• Is it possible to quantize how much of delay and randomness in the delays a system can function under? Is it possible to derive rules of thumb for when the special controller design methods need to be used? • Most of the control design methods use an assumption that the loop delay is less than a sampling period. The effect of this is that delays arrive at the actuator node in correct order. Is this assumption always or almost always fulfilled? Can design methods not needing this assumption be found? In Nilsson (1998a) a controller is derived that uses timeouts when waiting for the measurements. The measurements with timeout can then be used when they arrive or be treated as vacant samples. With this approach the loop delay can be allowed to be greater than the sampling period. • In the case when a Markov model is used for the network delay model the Markov state needs to be estimated. Use of such an estimator together with the LQGcontroller in Nilsson (1998a) has not been studied. This problem is very hard. An interesting study would be to try theory from adaptive control. • Information exchange between the scheduler and control algorithm to allow changing strategies when the system load is changing.
References AUDSLEY, N. C., A. BURNS, R. I. DAVIS, K. W. TINDELL, and A. J. WELLINGS (1995): “Fixed priority pre-emptive scheduling: An historic perspective.” J. Real-Time Systems, 8, pp. 173–198. CHAN, H. and Ü. ÖZGÜNER (1995): “Closed-loop control of systems over a communications network with queues.” Int. J. Control, 62:3, pp. 493–510. CHENG, S. T. and A. K. AGRAWALA (1994): “Scheduling of periodic tasks with relative timing constraints.” Technical Report CS-TR-3392. Department of Computer Science, University of Maryland, College Park, MD. CHENG, S. T. and A. K. AGRAWALA (1995): “Allocation and scheduling of real-time periodic tasks with relative timing constraints.” Technical Report CS-TR-3402. Department of Computer Science, University of Maryland, College Park, MD. KLEIN, M., T. RALYA, B. POLLAK, R. OBENZA, and M. G. HARBOUR (1993): A Practioner’s Handbook for Real-Time Analysis: Guide to Rate-Monotonic Analysis for Real-Time Systems. Kluwer Academic Publishers, Norwell, MA. KRTOLICA, R., Ü. ÖZGÜNER, H. CHAN, H. GÖKTAS, J. WINKELMAN, and M. LIUBAKKA (1994): “Stability of linear feedback systems with random communication delays.” Int. J. Control, 59:4, pp. 925–953. LIOU, L.-W. and A. RAY (1991): “A stochastic regulator for integrated communication and control systems: Part I - Formulation of control law.” Transactions of the ASME, Journal of Dynamic Systems, Measurement and Control, 113, pp. 604–611. LUCK, R. and A. RAY (1990): “An observer-based compensator for distributed delays.” Automatica, 26:5, pp. 903–908.
8
NILSSON, J. (1998a): Real-Time Control Systems with Delays. PhD thesis ISRN LUTFD2/TFRT--1049--SE, Department of Automatic Control, Lund Institute of Technology, Lund, Sweden. NILSSON, J. (1998b): “Two toolboxes for systems with random delays.” Technical Report TFRT-7572. Department of Automatic Control, Lund Institute of Technology, Lund, Sweden. NILSSON, J., B. BERNHARDSSON, and B. WITTENMARK (1998a): “Some topics in real-time control.” In Proceedings American Control Conference, pp. 2391–2395. Philadelphia. NILSSON, J., B. BERNHARDSSON, and B. WITTENMARK (1998b): “Stochastic analysis and control of real-time systems with random time delays.” Automatica, 34, pp. 57–64. RAY, A. (1994): “Output feedback control under randomly varying distributed delays.” Journal of Guidance, Control, and Dynamics, 17:4, pp. 701–711. REDELL, O. (1998): “Modelling of distributed real-time control systems: An approach for design and early analysis.” Technical Report TRITA-MMK 1998:9. Department of Machine Design, Royal Institute of Technology, Stockholm, Sweden. Licentiate thesis. TÖRNGREN, M. (1995): Modelling and Design of Distributed Real-Time Control Applications. PhD thesis TRITA-MMK 1995:7, Department of Machine Design, Royal Institute of Technology, Stockholm, Sweden. TÖRNGREN, M. (1998): “Fundamentals of implementing real-time control applications in distributed computer systems.” Journal of Real-Time Systems. Accepted for publication in Special Issue on Real-Time Systems in Mechatronics Applications. TSAI, N.-C. and A. RAY (1997): “Stochastic optimal control under randomly varying distributed delays.” International Journal of Control, 68:5, pp. 1179–1202. WITTENMARK, B., B. BASTIAN, and J. NILSSON (1998): “Analysis of time delays in synchronous and asynchronous control loops.” In Proceedings 37th IEEE Conference on Decision and Control. Accepted. WITTENMARK, B., J. NILSSON, and M. TÖRNGREN (1995): “Timing problems in realtime control systems.” In Proceedings American Control Conference, pp. 2000–2004. Seattle, WA.
9
