Modular and Safe Event-Driven Programming
Asynchronous event-driven systems are ubiquitous across domains such as device drivers, distributed systems, and robotics. These systems are notoriously hard to get right because the programmer needs to reason about numerous control paths resulting from the complex interleaving of events (or messages) and failures. Unsurprisingly, it is easy to introduce subtle errors while attempting to fill in the gaps between high-level system specifications and their concrete implementations. This dissertation proposes new methods for programming safe event-driven asynchronous systems.

In the first part of the thesis, we present ModP, a modular programming framework for compositional programming and testing of event-driven asynchronous systems. The ModP module system supports a novel theory of compositional refinement for assume-guarantee reasoning about dynamic event-driven asynchronous systems. We build a complex distributed systems software stack using ModP. Our results demonstrate that compositional reasoning can help scale model checking (both explicit and symbolic) to large distributed systems. ModP is transforming the way asynchronous software is built at Microsoft and Amazon Web Services (AWS). Microsoft uses ModP for implementing safe device drivers and other software in the Windows kernel. AWS uses ModP for compositional model checking of complex distributed systems. While ModP simplifies analysis of such systems, the state space of industrial-scale systems remains extremely large.

In the second part of this thesis, we present scalable verification and systematic testing approaches to further mitigate this state-space explosion problem. First, we introduce the concept of a delaying explorer to perform prioritized exploration of the behaviors of an asynchronous reactive program. A delaying explorer stratifies the search space using a custom strategy (tailored towards finding bugs faster) and a delay operation that allows deviation from that strategy. We show that prioritized search with a delaying explorer performs significantly better than existing approaches for finding bugs in asynchronous programs. Next, we consider the challenge of verifying time-synchronized systems; these are almost-synchronous systems, as they are neither completely asynchronous nor synchronous. We introduce approximate synchrony, a sound and tunable abstraction for verification of almost-synchronous systems. We show how approximate synchrony can be used for verification of both time-synchronization protocols and applications running on top of them. Moreover, we show how approximate synchrony also provides a useful strategy to guide state-space exploration during model checking. Using approximate synchrony and implementing it as a delaying explorer, we were able to verify the correctness of the IEEE 1588 distributed time-synchronization protocol and, in the process, uncovered a bug in the protocol that was well appreciated by the standards committee.

In the final part of this thesis, we consider the challenge of programming a special class of event-driven asynchronous systems: safe autonomous robotics systems. Our approach towards achieving assured autonomy for robotics systems consists of two parts: (1) a high-level programming language for implementing and validating the reactive robotics software stack; and (2) an integrated runtime assurance system to ensure that the assumptions used during design-time validation of the high-level software hold at runtime. Combining a high-level programming language and model checking with runtime assurance helps us bridge the gap between design-time software validation, which makes assumptions about the untrusted components (e.g., low-level controllers) and the physical world, and the actual execution of the software on a real robotic platform in the physical world. We implemented our approach as DRONA, a programming framework for building safe robotics systems. We used DRONA for building a distributed mobile robotics system and deployed it on real drone platforms. Our results demonstrate that DRONA (with its runtime-assurance capabilities) enables programmers to build an autonomous robotics software stack with formal safety guarantees.

To summarize, this thesis contributes new theory and tools to the areas of programming languages, verification, systematic testing, and runtime assurance for programming safe asynchronous event-driven systems across the domains of fault-tolerant distributed systems and safe autonomous robotics systems.
The space station tethered elevator system
The optimized conceptual engineering design of a space station tethered elevator is presented. The elevator is an unmanned mobile structure which operates on a ten-kilometer tether spanning the distance between the Space Station and a tethered platform. Elevator capabilities include providing access to residual gravity levels, remote servicing, and transportation to any point along a tether. The potential uses, parameters, and evolution of the spacecraft design are discussed. Engineering development of the tethered elevator is the result of work conducted in the following areas: structural configurations; robotics; drive mechanisms; and power generation and transmission systems. The structural configuration of the elevator is presented. The structure supports, houses, and protects all systems on board the elevator. The implementation of robotics on board the elevator is discussed. Elevator robotics allow for the deployment, retrieval, and manipulation of tethered objects. Robotic manipulators also aid in hooking the elevator on a tether. Critical to the operation of the tethered elevator is the design of its drive mechanisms, which are discussed. Two drivers, located internal to the elevator, propel the vehicle along a tether. These modular components consist of endless toothed belts, shunt-wound motors, regenerative power braking, and computer-controlled linear actuators. The designs of self-sufficient power generation and transmission systems are reviewed. Thorough research indicates all components of the elevator will operate under power provided by fuel cells. The fuel cell systems will power the vehicle at seven kilowatts continuously and twelve kilowatts maximally. A set of secondary fuel cells provides redundancy in the unlikely event of a primary system failure. Power storage exists in the form of Nickel-Hydrogen batteries capable of powering the elevator under maximum loads.
The driver concept for the DLR Lightweight Robot III
In this paper we present the synchronization and driver architecture of the DLR LWR-III, which supplies an easy-to-use interface for applications. For our purpose we abstracted the robot hardware entirely from the control algorithms using the common device driver concept of modern operating systems. The software architecture is split into two modular parts. On the one side, there are device drivers that communicate with the hardware components. On the other side, there are realtime applications realized as Simulink models, which provide advanced control algorithms. This ensures a clean separation between the two modules and provides communication over a common and approved interface. Furthermore, we investigated how we can ensure synchronization to the hardware over the device driver interfaces and how we can ensure that it meets hard realtime requirements. The main result of this paper is to realize a synchronization between LWR-III hardware and Simulink control applications while targeting small latencies with respect to hard realtime requirements. The design is implemented and verified on WindRiver™ VxWorks™.
A Multi-Robot Cooperation Framework for Sewing Personalized Stent Grafts
This paper presents a multi-robot system for manufacturing personalized medical stent grafts. The proposed system adopts a modular design, which includes: a (personalized) mandrel module, a bimanual sewing module, and a vision module. The mandrel module incorporates the personalized geometry of patients, while the bimanual sewing module adopts a learning-by-demonstration approach to transfer human hand-sewing skills to the robots. The human demonstrations were first observed by the vision module and then encoded using a statistical model to generate the reference motion trajectories. During autonomous robot sewing, the vision module plays the role of coordinating multi-robot collaboration. Experimental results show that the robots can adapt to generalized stent designs. The proposed system can also be used for other manipulation tasks, especially for flexible production of customized products and where bimanual or multi-robot cooperation is required.

Comment: 10 pages, 12 figures, accepted by IEEE Transactions on Industrial Informatics. Key words: modularity, medical device customization, multi-robot system, robot learning, visual servoing, robot sewin