Chapter 5 ETHERWARE BASED APPLICATION DESIGN
5.3 Design patterns for robustness
Control systems are characterized by components operating in control loops. In networked control systems, such loops may involve communication over network links as well. For instance, a simple control loop is shown in Figure 5.2, where feedback from the sensor to the controller and controls from the controller to the actuator are transmitted over network channels.
Networked control loops involve many failures that need to be tolerated for effective operation. For instance, communication channels in best effort networks, and particularly in wireless networks, are prone to delays and packet losses. Also, the failure of a remote component, such as the controller in the above example, could potentially disrupt the operation of the entire system. Even in the presence of efficient fault tolerance and restart mechanisms, the involved transients could still lead to system instabilities.
Local temporal autonomy is a key property that can be used to address most of the above problems. It is the ability of components to tolerate disruptions in other components for a certain amount of time, and with graceful degradation. This not only shields components from the faults listed above, but also provides precious additional time to recover from such faults. In this section, we present two design patterns that use this property to address faults in each of the communication links in Figure 5.2.
Figure 5.3: State estimation design pattern. Panels: (a) Basic feedback, with blocks Controller, Sensor and Network Channel; (b) Enhanced feedback, with blocks State Estimator, Controller and Sensor.
5.3.1 State estimation
Sensory feedback from the sensor to the controller is the basis of feedback control. In digital control design, such feedback is expected to be periodic with hard real-time guarantees. However, such guarantees cannot be provided over best effort and wireless network channels. Hence, to apply digital control theory in the design of networked control systems, this problem has to be addressed effectively.
State estimation [59] is a widely used technique in control systems to overcome noise in sensory feedback. For this, a state estimator maintains a model of the plant, which it then uses to predict plant behavior based on received feedback and applied controls. Due to modeling errors, the error in state estimates grows with time. However, regular feedback improves these estimates and keeps the error bounded. In particular, the state estimator can take in feedback with delays and jitter, and still provide reasonably accurate and periodic state estimates.
The essence of the state estimation design pattern is to use a state estimator at the controller to tolerate faults in sensory feedback as shown in Figure 5.3. Since the state estimator can provide reasonably accurate estimates without feedback for a limited duration, this pattern increases the local temporal autonomy of the controller. In addition, the state estimator also provides periodic estimates to the controller enabling the application of digital control theory in networked control systems.
Figure 5.4: Receding horizon control design pattern. Panels: (a) Basic control, with blocks Controller, Network Channel and Actuator; (b) Enhanced control, with blocks Controller, Control Buffer and Actuator.
5.3.2 Receding horizon control
Traditional digital controllers operate periodically, computing one set of controls for every period. These controls are then sent to the actuator, which effects them in the plant. This simple design works well in practice when the controller and the actuator execute on the same computer. However, when they communicate over a network link, then the above design is vulnerable to the attendant faults of networked operation. In particular, when periodic controls do not arrive from the controller due to software or communication failures, then the actuator has no controls to effect. In such cases, actuators may have default fail-safe controls that maintain system safety. While this approach may work with occasional failures, it is certainly quite sub-optimal in most networked control systems.
Under the receding horizon control design pattern, the controller computes a sequence of future controls during every period. These controls are then stored in a control buffer at the actuator as shown in Figure 5.4(b). Hence, if a subsequent control update from the controller is delayed or lost, then the actuator can use the pre-computed controls from the control buffer. Consequently, this improves the local temporal autonomy of the actuator, and promotes graceful degradation in the presence of controller failures.
Figure 5.5: Design enhancements in the lower level control loop of the testbed. Blocks: VisionServer, State Estimator, Controller, Control Buffer, Actuator and Car.
Two important points regarding receding horizon control must be noted. First, the controller needs a model to estimate future plant behavior so that it can compute a sequence of controls. One interesting option is to use the state estimator itself as a state predictor since the estimator already has a model of the plant. Alternatively, control laws such as model predictive control [27], which automatically compute sequences of future controls, may also be employed. Second, since the actual controls effected by the actuator are not known in advance, this information must be fed back to the controller and its state estimator as shown in Figure 5.4(b).
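The following simulation is an added example, not code from the thesis or from Etherware. It runs the two patterns of Sections 5.3.1 and 5.3.2 on a scalar plant through a scripted outage. The plant and model parameters, the gain, the zero fail-safe control, the held-measurement baseline and the reliable feedback of applied controls are all assumptions made for illustration.

```python
# Added example: scalar plant with scripted (constructed) packet loss.
A_TRUE, A_MODEL, B = 1.10, 1.08, 1.0  # unstable plant; model is slightly wrong
K = 0.58            # model closed-loop pole: A_MODEL - B*K = 0.5
FAILSAFE_U = 0.0    # assumed actuator default when no control is available


def plan(x_hat, horizon):
    """Roll the plant model forward to compute a sequence of future controls."""
    seq = []
    for _ in range(horizon):
        u = -K * x_hat
        seq.append(u)
        x_hat = A_MODEL * x_hat + B * u
    return seq


def simulate(steps, sensor_lost=(), control_lost=(), horizon=1, estimate=True):
    """Return the plant state after each step.

    horizon=1 is the basic actuator (no control buffer); estimate=False is an
    assumed baseline in which the controller holds the last measurement.
    """
    x, x_hat, buffer, trace = 1.0, 1.0, [], []
    for k in range(steps):
        if k not in sensor_lost:        # feedback arrived: correct the estimate
            x_hat = x
        if k not in control_lost:       # update arrived: replace buffered controls
            buffer = plan(x_hat, horizon)
        u = buffer.pop(0) if buffer else FAILSAFE_U
        x = A_TRUE * x + B * u          # true plant
        if estimate:                    # predict using the control actually applied
            x_hat = A_MODEL * x_hat + B * u
        trace.append(x)
    return trace


OUTAGE = range(5, 9)  # constructed four-period outage

if __name__ == "__main__":
    runs = {
        "control link down, no buffer": simulate(9, control_lost=OUTAGE),
        "control link down, 5-step buffer": simulate(9, control_lost=OUTAGE, horizon=5),
        "sensor link down, held measurement": simulate(9, sensor_lost=OUTAGE, estimate=False),
        "sensor link down, state estimator": simulate(9, sensor_lost=OUTAGE),
    }
    for name, trace in runs.items():
        print(f"{name:36s} |x| after outage = {abs(trace[-1]):.4f}")
```

Because the model is slightly wrong, the buffered and estimated runs drift from the ideal trajectory during the outage but stay far closer to it than the baselines, which is the bounded, time-limited autonomy the text describes.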
5.3.3 Testbed design enhancements
The state estimation and receding horizon control design patterns have been applied in both the control loops of the testbed shown in Figure 5.1. In particular, the design enhancements to the lower level control loop are shown in Figure 5.5. The enhanced Controller uses a state estimator to filter the sensory feedback from the VisionServer. Also, the Controller computes and sends a sequence of future controls to the Actuator, which then stores them in a control buffer according to the receding horizon control design pattern. The Controller in the testbed uses model predictive control [27] as noted in Section 2.2. Hence, it automatically computes a sequence of future controls that are then sent to the Actuator. In particular, the state estimator and the Controller use the same plant model.
In the rest of the chapter, we analyze and experimentally validate the above design enhancements in the lower level control loop of the testbed.