GOALI: Monitoring and Reconfiguration for Fault-Tolerance of Embedded Control Software with Automotive Applications

GOALI：监控和重新配置汽车应用嵌入式控制软件的容错能力

• 批准号: 0801763
• 负责人: Ratnesh Kumar
• 金额: $ 36万
• 依托单位: Iowa State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2008
• 资助国家: 美国
• 起止时间: 2008-06-01 至 2013-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0801763&HistoricalAwards=false
• 关键词: GOALI; Monitoring; Reconfiguration; Fault; Tolerance

GOALI: Monitoring and Reconfiguration for Fault-Tolerance of Embedded Softwarewith Automotive ApplicationsRatnesh Kumar (ISU) and Shengbing Jiang (GM R&D)Project SummaryObjectives:The objective of the proposed research is to develop an approach for fault detection prediction, isolation and recovery, and is motivated from fault-tolerance of embedded control software in automotive applications. Software is present in virtually all complex systems, including safety-critical systems such as automobiles, aircrafts, nuclear plants, medical devices, etc., andthere are many documented cases of failures of such systems due to software errors. The existing simulation/testing/verification practices cannot guarantee that a deployed software will be errorfree.(The problem is in general undecidable.) So it is important that measures be built-in for providing tolerance against any software-bugs that can compromise the safety of the users or the surrounding environment. The proposed research is motivated from the safety-critical application of automotive systems, and is proposed in collaboration with General Motors (GM). Modern vehicleswill be equipped with advanced features such as collision avoidance, adaptive cruise control, lane centering/changing, all of which will be implemented in software. New cost-effective approaches are needed for fault tolerance of automotive applications that will ensure safety even in the presence of errors in newly deployed software.Intellectual Merits:It includes the development of an approach for fault-tolerance of embeddedsoftware that are present in automotive applications. We will develop scalable fault diagnosis and prognosis techniques for (i) embedded control software (modeled as extended finite automata) by monitoring their behavior against their own properties, and (ii) overall controlled system (modeledas hybrid automata) by monitoring its behavior against its own properties. Monitoring the system level properties safeguards against any possible incompleteness of the controller level properties.We propose an abstraction based approach to detect and isolate a faulty controller component by monitoring of system-level properties. Abstraction based technique for prognosis of system-level property violations (i.e., prediction of such violations prior to their occurrence) is also proposed.The notions of detection, isolation, and prognostic indices have been proposed in this regard. Techniques will also be developed for control reconfiguration to enable fault recovery, and will rely on the reachability over the stability regions of various discrete modes, and also on computations based on model-prediction and trajectory-sensitivities. The collision avoidance software will be used as a case-study. Besides modeling, monitoring, diagnosability/prognosability verification, and reconfiguration, research will also be carried out to determine the computational resources for allocation and real-time scheduling of the proposed fault-tolerance strategies.Broader Impacts: Fault-tolerance against unanticipated software-errors is of growing interest,specially for safety- or security-critical applications and infrastructure, and our research will contribute to this topic. Further it is a collaborative research with GM, and an impact in automotive industry is likely for the fact that practical, scalable, and cost-effective solution will be developed.The proposed approach is general enough to be applicable to other embedded applications. Two PhD students and a post-doc involved in the project will get trained in a problem of industrial need. They will get practical exposure to industry through invitation to summer internships at GM. The research findings will be made available via PIs homepages and public-domain publications,and will be integrated into graduate courses in discrete-event controls, fault-tolerant computing, and embedded systems at ISU. PIs are committed to recruiting minority students (one third of PI's students are minority.)

目标：监控和重构汽车应用中嵌入式软件的容错能力Ratnesh Kumar(ISU)和蒋胜兵(GM R&A；D)项目摘要：本研究的目标是开发一种故障检测、预测、隔离和恢复的方法，其动机是汽车应用中嵌入式控制软件的容错。软件几乎存在于所有复杂系统中，包括汽车、飞机、核电站、医疗设备等安全关键系统，并且有许多记录在案的此类系统因软件错误而失败的案例。现有的模拟/测试/验证实践不能保证部署的软件是没有错误的。(问题通常是无法确定的。)因此，重要的是要内置措施，以提供对任何可能危及用户或周围环境安全的软件错误的容忍度。这项拟议的研究是从汽车系统的安全关键应用出发的，并与通用汽车(GM)合作提出。现代汽车将配备先进的功能，如避免碰撞，自适应巡航控制，车道居中/改变，所有这些都将在软件中实现。汽车应用程序的容错需要新的经济高效的方法，即使在新部署的软件出现错误的情况下也能确保安全。智能优点：它包括开发一种方法来容错汽车应用程序中存在的嵌入式软件。我们将开发可扩展的故障诊断和预测技术，用于(I)嵌入式控制软件(被建模为扩展的有限自动机)通过监控它们的行为来针对其自身属性，以及(Ii)整体受控系统(被建模为混合自动机)通过监控其行为来针对其自身属性。本文提出了一种基于抽象的方法，通过监控系统级属性来检测和隔离有故障的控制器组件。提出了一种基于抽象的系统级属性违规预测技术，提出了检测、隔离和预测指标等概念。还将开发控制重新配置技术，以实现故障恢复，并将依赖于各种离散模式稳定区域的可达性，以及基于模型预测和弹道灵敏度的计算。避碰软件将被用作案例研究。除了建模、监控、诊断/预测能力验证和重新配置之外，还将进行研究以确定用于分配和实时调度所提出的容错策略的计算资源。广泛影响：针对意外软件错误的容错日益受到关注，特别是对于安全或安全关键的应用和基础设施，我们的研究将对这一主题做出贡献。此外，这是一个与通用汽车的合作研究，可能会在汽车行业产生影响，因为它将开发出实用、可扩展和低成本的解决方案，该方法具有足够的通用性，适用于其他嵌入式应用。参与该项目的两名博士生和一名博士后将接受工业需求问题的培训。他们将通过受邀在通用汽车的暑期实习获得对行业的实际接触。研究结果将通过公共信息系统主页和公共领域出版物提供，并将纳入执行支助股关于离散事件控制、容错计算和嵌入式系统的研究生课程。国际学生联合会致力于招收少数族裔学生(该校三分之一的学生是少数族裔)。