The Car and The Cloud: Automotive Architectures for 2020

Three trends are emerging in drivers’ expectations for their vehicle: (1) continuous connectivity with both the infrastructure (e.g., smart traffic intersections) and other commuters, (2) enhanced levels of productivity and entertainment for the duration of travel, and (3) reduction in cognitive load through semiautonomous operation and automated congestion-aware route planning. To address these demands, vehicles should become more programmable so that almost every aspect of engine control, cabin comfort, connectivity, navigation, and safety will be remotely upgradable and designed to evolve over the lifetime of the vehicle. Progress toward the vehicle of the future will entail new approaches in the design and sustainability of vehicles so that they are connected to networked traffic systems and are programmable over the course of their lifetime. To that end, our automotive research team at the University of Pennsylvania is devel- oping an in-vehicle programmable system, AutoPlug, an automotive architecture for remote diagnostics, testing, and code updates for dispatch from a datacenter to vehicle electronic controller units. For connected vehicles, we are implementing a networked vehicle platform, GrooveNet, that allows communication between real and simulated vehicles to evaluate the feasibility and application of vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication; the focus in this paper is on its application to safety. Finally, we are working on a tool for large-scale traffic congestion analysis, AutoMatrix, capable of simulating over 16 million vehicles on any US street map and computing real-time fastest paths for a large subset of vehicles. The tools and platforms described here are free and open-source from the author

Distributed Control for Cyber-Physical Systems

Networked Cyber-Physical Systems (CPS) are fundamentally constrained by the tight coupling and closed-loop control and actuation of physical processes. To address actuation in such closed-loop wireless control systems there is a strong need to re-think the communication architectures and protocols for maintaining stability and performance in the presence of disturbances to the network, environment and overall system objectives. We review the current state of network control efforts for CPS and present two complementary approaches for robust, optimal and composable control over networks. We first introduce a computer systems approach with Embedded Virtual Machines (EVM), a programming abstraction where controller tasks, with their control and timing properties, are maintained across physical node boundaries. Controller functionality is decoupled from the physical substrate and is capable of runtime migration to the most competent set of physical controllers to maintain stability in the presence of changes to nodes, links and network topology. We then view the problem from a control theoretic perspective to deliver fully distributed control over networks with Wireless Control Networks (WCN). As opposed to traditional networked control schemes where the nodes simply route information to and from a dedicated controller, our approach treats the network itself as the controller. In other words, the computation of the control law is done in a fully distributed way inside the network. In this approach, at each time-step, each node updates its internal state to be a linear combination of the states of the nodes in its neighborhood. This causes the entire network to behave as a linear dynamical system, with sparsity constraints imposed by the network topology. This eliminates the need for routing between “sensor → channel → dedicated controller/estimator → channel → actuator”, allows for simple transmission scheduling, is operational on resource constrained low-power nodes and allows for composition of additional control loops and plants. We demonstrate the potential of such distributed controllers to be robust to a high degree of link failures and to maintain stability even in cases of node failures

Embedded Virtual Machines for Robust Wireless Control and Actuation

Embedded wireless networks have largely focused on open-loop sensing and monitoring. To address actuation in closed-loop wireless control systems there is a strong need to re-think the communication architectures and protocols for reliability, coordination and control. As the links, nodes and topology of wireless systems are inherently unreliable, such time-critical and safety-critical applications require programming abstractions and runtime systems where the tasks are assigned to the sensors, actuators and controllers as a single component rather than statically mapping a set of tasks to a specific physical node at design time. To this end, we introduce the Embedded Virtual Machine (EVM), a powerful and flexible programming abstraction where virtual components and their properties are maintained across node boundaries. In the context of process and discrete control, an EVM is the distributed runtime system that dynamically selects primary-backup sets of controllers to guarantee QoS given spatial and temporal constraints of the underlying wireless network. The EVM architecture defines explicit mechanisms for control, data and fault communication within the virtual component. EVM-based algorithms introduce new capabilities such as predictable outcomes and provably minimal graceful degradation during sensor/actuator failure, adaptation to mode changes and runtime optimization of resource consumption. Through case studies in process control we demonstrate the preliminary capabilities of EVM-based wireless networks

High-Confidence Medical Device Software Development

The design of bug-free and safe medical device software is challenging, especially in complex implantable devices. This is due to the device\u27s closed-loop interaction with the patient\u27s organs, which are stochastic physical environments. The life-critical nature and the lack of existing industry standards to enforce software validation make this an ideal domain for exploring design automation challenges for integrated functional and formal modeling with closed-loop analysis. The primary goal of high-confidence medical device software is to guarantee the device will never drive the patient into an unsafe condition even though we do not have complete understanding of the physiological plant. There are two major differences between modeling physiology and modeling man-made systems: first, physiology is much more complex and less well-understood than man-made systems like cars and airplanes, and spans several scales from the molecular to the entire human body. Secondly, the variability between humans is orders of magnitude larger than that between two cars coming off the assembly line. Using the implantable cardiac pacemaker as an example of closed-loop device, and the heart as the organ to be modeled, we present several of the challenges and early results in model-based device validation. We begin with detailed timed automata model of the pacemaker, based on the specifications and algorithm descriptions from Boston Scientific. For closed-loop evaluation, a real-time Virtual Heart Model (VHM) has been developed to model the electrophysiological operation of the functioning and malfunctioning (i.e., during arrhythmia) hearts. By extracting the timing properties of the heart and pacemaker device, we present a methodology to construct timed-automata models for formal model checking and functional testing of the closed-loop system. The VHM\u27s capability of generating clinically-relevant response has been validated for a variety of common arrhythmias. Based on a set of requirements, we describe a framework of Abstraction Trees that allows for interactive and physiologically relevant closed-loop model checking and testing for basic pacemaker device operations such as maintaining the heart rate, atrial-ventricle synchrony and complex conditions such as avoiding pacemaker-mediated tachycardia. Through automatic model translation of abstract models to simulation-based testing and code generation for platform-level testing, this model-based design approach ensures the closed-loop safety properties are retained through the design toolchain and facilitates the development of verified software from verified models. This system is a step toward a validation and testing approach for medical cyber-physical systems with the patient-in-the-loop

WisperNet: Anti-Jamming for Wireless Sensor Networks

Resilience to electromagnetic jamming and its avoidance are difficult problems. It is often both hard to distinguish malicious jamming from congestion in the broadcast regime and a challenge to conceal the activity patterns of the legitimate communication protocol from the jammer. In the context of energy-constrained wireless sensor networks, nodes are scheduled to maximize the common sleep duration and coordinate communication to extend their battery life. This results in well-defined communication patterns with possibly predictable intervals of activity that are easily detected and jammed by a statistical jammer. We present an anti-jamming protocol for sensor networks which eliminates spatio-temporal patterns of communication while maintaining coordinated and contention-free communication across the network. Our protocol, WisperNet, is time-synchronized and uses coordinated temporal randomization for slot schedules and slot durations at the link layer and adapts routes to avoid jammers in the network layer. Through analysis, simulation and experimentation we demonstrate that WisperNet reduces the efficiency of any statistical jammer to that of a random jammer, which has the lowest censorship-to-link utilization ratio. WisperNet is more energy efficient than low-power listen CSMA protocols such as B-mac and is simple to analyze in terms of effective network throughput, reliability and delay. WisperNet has been implemented on the FireFly sensor network platform

Embedded Virtual Machines for Wireless Industrial Automation (Demo)

The factory of the future is the Wireless Factory - fully programmable, nimble and adaptive to planned mode changes and unplanned faults. Today automotive assembly lines loose over $22,000 per minute of downtime. The systems are rigid, difficult to maintain, operate and diagnose. Our goal is to demonstrate the initial architecture and protocols for all-wireless factory control automation. Embedded wireless networks have largely focused on open-loop sensing and monitoring. To address actuation in closed-loop wireless control systems there is a strong need to re-think the communication architectures and protocols for reliability, coordination and control. As the links, nodes and topology of wireless systems are inherently unreliable, such time-critical and safety-critical applications require programming abstractions where the tasks are assigned to the sensors, actuators and controllers as a single component rather than statically mapping a set of tasks to a specific physical node at design time. To this end, we introduce the Embedded Virtual Machine (EVM), a powerful and flexible runtime system where virtual components and their properties are maintained across node boundaries. EVM-based algorithms introduce new capabilities such as provably minimal graceful degradation during sensor/actuator failure, adaptation to mode changes and runtime optimization of resource consumption. Through the design of a micro-factory we aim to demonstrate the capabilities of EVM-based wireless networks

Evaluation of DR-Advisor on the ASHRAE Great Energy Predictor Shootout Challenge

This paper describes the evaluation of DR-Advisor algorithms on \u27\u27The Great Energy Predictor Shootout - The First Building Data Analysis and Prediction Competition\u27\u27 held in 1993-94 by ASHRAE

Embedded Virtual Machines for Robust Wireless Control Systems

Embedded wireless networks have largely focused on open loop sensing and monitoring. To address actuation in closed loop wireless control systems there is a strong need to re-think the communication architectures and protocols for reliability, coordination and control. As the links, nodes and topology of wireless systems are inherently unreliable, such time-critical and safety-critical applications require programming abstractions where the tasks are assigned to the sensors, actuators and controllers as a single component rather than statically mapping a set of tasks to a specific physical node at design time. To this end, we introduce the Embedded Virtual Machine (EVM), a powerful and flexible programming abstraction where virtual components and their properties are maintained across node boundaries. In the context of process and discrete control, an EVM is the distributed runtime system that dynamically selects primary-backup sets of controllers to guarantee QoS given spatial and temporal constraints of the underlying wireless network. The EVM architecture defines explicit mechanisms for control, data and fault communication within the virtual component. EVM-based algorithms introduce new capabilities such as predictable outcomes and provably minimal graceful degradation during sensor/actuator failure, adaptation to mode changes and runtime optimization of resource consumption. Through the design of a natural gas process plant hardware-in-loop simulation we aim to demonstrate the preliminary capabilities of EVM-based wireless networks

Modeling Cardiac Pacemaker Malfunctions With the Virtual Heart Model

Implantable cardiac devices such as artificial pacemakers deliver therapies according to the timing information from the heart. Such devices work under the assumptions of perfect sensing, which are: (a) the pacemaker leads remain in place, and (b) the pacing therapy in one chamber (e.g. atrium) is insulated from the other chambers (e.g. ventricles). But there are common cases which violate these assumptions and the mechanisms for imperfect sensing cannot be captured by a simple signal generator. In this paper we use the Penn Virtual Heart Model (VHM) to investigate the spatial and temporal aspects of the electrical conduction system of the heart in a closed-loop with a pacemaker model. We utilize the spatial properties of the heart to model the sensing mechanism, and use clinical cases to show the validity of our sensing model. Such closed-loop evaluation of the pacemaker operation allows for functional testing of pacemaker software, the development of new algorithms for rhythm therapy and also serves as a tool for incoming cardiac electrophysiology fellows