Problems of Building the Intelligent Consistent Control Logic for Complex Technical Systems in Transport Industry

Andrey A. Tyugashev
Samara State Transport University
Samara, Russia
a.tyugashev@samgups.ru

Igor A. Molodkin
Emperor Alexander I St. Petersburg State Transport University
Saint Petersburg, Russia
ivs@pgups.ru

Alexander P. Dolgintsev
Samara State Transport University
Samara, Russia
dolgintsev@rambler.ru

Sergey E. Adadurov
JSC “VNIIZHT”
Moscow, Russia

Copyright © by the paper's authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). In: A. Khomonenko, B. Sokolov, K. Ivanova (eds.): Selected Papers of the Models and Methods of Information Systems Research Workshop, St. Petersburg, Russia, 4-5 Dec. 2019, published at http://ceur-ws.org

Abstract

Railroad Transportation, aerial manned and unmanned vehicles, and Spacecrafts can be viewed as examples of a complex technical system. Their subsystems contain many devices, sensors, and other equipment. An important problem is how to build intelligent real-time computer-based control logic for such a complex of subsystems. The paper is devoted to this problem. We focus on mathematical modeling and on finding ways of synthesis and verification of consistent control logic. The paper also presents some software tools developed by the authors.

1 Introduction

There are many very complex technical systems in use nowadays in different areas. Railroad Transportation, Automated Manufactories, Nuclear Power Plants, Spacecrafts [Koz98], etc. are good examples of such systems. These systems have some significant common features related to the phenomenon of complexity. For example, one can note the complex hierarchical structure: the system usually consists of subsystems which, in turn, consist of a lot of different devices. The next essential common feature is complex behavior in an external environment with possible unpredictable events. A very important problem related to these systems is providing them with consistent control with the right consideration of the various kinds of complexity. The paper is devoted to an attempt to analyze the various sides of this problem and to find ways toward possible solutions.

Each complex system is built to perform a particular role: to transport passengers from one geographical location to another, generate electric power, manufacture goods, etc. There is a set of system goals to be achieved. For systems in the Transport Industry, for example trains, planes and trucks, these goals are accompanied by moments of time (deadlines). Moreover, to achieve a goal at a specific moment of time, it is necessary to execute some preparatory processes. Other processes should be executed after reaching the goal (for instance, cleaning of the cabin or the cargo body). So, a very important aspect of complexity is the Real-Time mode [Tyu06]. In many cases, the system should fulfil not just abstract ‘tasks’, but timed sequences of logically coordinated and physically mutually dependent processes. Some of these processes have non-zero duration, so we must model them adequately. The systems to be modeled have an active nature, which means the existence of a plan/schedule to be implemented. In the Aerospace Industry, such a plan is called a ‘cyclogram’. Moreover, there are frequently physically and logically founded restrictions not just on the sequence of the processes to be executed, but on the synchronization of their beginnings and ends. Some processes must not overlap in time, and the reasons for this could be very strong. These requirements can be formulated using the language of Real-Time Control Logic [Kav06].
An additional aspect of the complexity of the control logic is caused by the possibility of unpredictable events which might require changing or adapting the system’s plans to provide a flexible reaction. The system must successfully complete the plan both in normal operations and in case of abnormal situations. In a picture reflecting the cyclogram, the fact that a particular process has to be executed in a specific situation only (for example, if some event happened) can be shown by color [Tyu16]. We can also see the duration specified for the processes that continue in time. In the Aerospace Industry this kind of plan/schedule is usually called a ‘cyclogram’, see Fig. 1.

Figure 1: Cyclogram/plan of real-time operations

Of course, consistent control requires such features as dependability and flexibility. In case of emergencies caused by faults of the equipment, the system goals should be achieved anyway [Fil15]. This is possible due to the redundancy of the equipment/apparatus. The designers of a complex system provide structural and functional redundancy in several ways. First, duplication is widely used for critical mechanisms and aggregates. If a particular device fails, the control system should detect this abnormal situation and switch to the backup one. In other words, there is a very important ability of intelligent cybernetic systems: reconfiguration. Another successfully applied [Koz98] way to parry device failures is to utilize functional redundancy, using another subsystem in an abnormal situation. To do this, the control algorithms must ‘understand’ the functional abilities of the various kinds of installed equipment and the opportunities to use another unit to execute some task instead of the one initially intended for this purpose.

Usually, the control subsystem of a modern complex technical system uses computers running a special sort of software – control software. In the Aerospace Industry this software is called ‘flight control software’. This software issues commands to the onboard equipment coded as sequences of electric impulses. A command can mean, for example, «Activate the device 2 of the system 1 now» or «Switch the gyrodyne 2 off». The name ‘software’ itself means this is a ‘soft’ entity having the appropriate level of flexibility to reconfigure the onboard apparatus in order to keep a sufficient level of all kinds of the required functionality during the whole mission [Syg19].

Of course, the system works under the influence of the environment. The required execution of the system’s plans depends on external factors. On the other hand, the system’s outputs and activity change the external environment due to physical engagements (perhaps with some time delay). We can state the existence of a mutual influence between the system and its environment.

This specificity causes the following requirement for the system. The control means should provide control that can guarantee safety during the completion of the pre-defined set of tasks the complex technical system was built to execute. Safety, in this case, means not only internal safety, i.e. keeping the devices and subsystems in serviceable ‘healthy’ condition, but also external safety. We mean that the system has its own influence on the external world, and we must keep the various kinds of influence within defined borders. Moving objects should not damage humans or any external entity. The emissions of the enterprise must be within the specified limits, and so on. The other side of this problem is connected with the accurate consumption of the available resources during functioning. Each device requires particular resources, for instance, electric power. Numerous devices can be switched to various regimes with different levels of resource consumption. The control rules of the named technical systems are implemented by ‘control logic’.

A very important issue is the necessity for the control means of the complex technical system to contain some internal ‘reflection’ of the following aspects. First, we need a picture of the external environment and of the factors we should take into account when implementing our plans. Second, we should have an image of the current condition of the controlled system itself, with the means to describe the level of functionality/workability of our devices. And finally, we must have a representation of the goals, with an understanding of which ones are already done and which are waiting to be executed at which moments of time.

In this context, we can apply the well-known Ashby’s cybernetical Law of Requisite Variety: only a variety of control means can absorb the variety of the controlled complex system and its behavior. Or: the control system’s complexity (both hardware and software) reflects the complexity of the controlled system itself.

Hereby, we need to define models for adequately describing the presented complex systems, with the corresponding representation of the real-time control logic considering the requirements and restrictions stated above, and to find methods for building this consistent control logic in practice.

2 The Method

Let us outline the necessity of the following essential features for real-time intelligently and consistently controlled complex systems:

• Presence of an internal reflection of the external environment, an image of the current condition of the system including information about the actual level of functional abilities of the installed devices – an ‘image of itself’, and knowledge about the plan (schedule) including data about already completed tasks and goals to be achieved in the future.
• The ability of flexible self-reconfiguration based on an evaluation of the current situation and the tasks to be executed.
• System’s control logic based on real-time rules which might be flexibly updated and expanded.

Druzhinin and Kontorov [Dru76] mentioned the levels of complexity of cybernetical systems:

• Deterministic S1 systems with a rigid rule of transformation of input X into output Y
• Stochastic S2 systems with a notable influence of random factors on the results
• S3 systems without well-defined rules of transformation of input into output
• S4 systems implementing plans and achieving pre-settled goals
• S0 systems choosing their own goals, changing their structure and reacting adaptively to the inputs

Using this approach, the considered systems might be classified as S0 systems. The reasons are the following. First, we have flexible control logic taking into account the different situations, implemented by control software. Second, we can state the presence of the possibility of self-restructuration. And finally, the set of goals to be achieved might be updated during operations.

How can we describe the real-time control logic used by these systems? When we talk about logic, we suppose the usage of axioms and rules. Naturally, we should utilize some reasoning based on the rules of logic. What can we view as the ‘control logic’ of a complex technical system? Rules can be formed as ‘IF {antecedents/assumptions} THEN {conclusions}’. For complex technical systems working in real-time mode, the best results could be provided by timed versions of these rules, which can be specified in the following manner:

$$a_1(t_{u1}) \wedge \neg a_2(t_{u2}) \wedge \dots \wedge a_M(t_{uM}) \rightarrow A_1(t_{a1}) \wedge A_2(t_{a1}) \wedge \dots \wedge A_N(t_{aN}) \qquad (1)$$

There are logical variables (with the values TRUE and FALSE) on the left side of the formula, and actions on the right side. Some of the actions set or clear the logical conditions, so after the application of some rule, the truth of particular conditions can change. A very important aspect of a complex system interacting with the external environment through physical processes is that the conditions reflecting the current situation change in time. As presented above in (1), we have a conjunction of conditions (some with logical negation) on the left side of the rule. It is possible to specify several rules with the same left part, so these rules can be used as connected by logical OR (disjunction). Consequently, in accordance with the logical completeness of the DNF/CNF form of logical rules, we can declare the universality of this approach for the description of any real-time control logic.

The problem of the synthesis of consistent control logic requires performing the following transitions. Since we have the goals to be achieved by the system with the corresponding deadlines, we can make the transition to the required schedule (a set of schedules for various scenarios depending on the course of events) of the actions (processes). Each action requires some specific functionality. For instance, moving objects need some abilities in navigation and some abilities in communications. Meanwhile, navigation can be performed using GPS/GLONASS satellite signals or using the inertial navigation system. A power supply is another kind of required functionality which can be provided by different devices, for example by batteries or by solar panels. So, we can realize the transition from the process schedule to the schedule of necessary functionality. Then we should make a transition from the functionality to the devices needed to provide it. At this moment, we have the schedule (again, schedules for various scenarios) of the work of the system’s devices. The next transition is the transition from this schedule to the set of rules of control logic formulated as (1). And then we can implement this logic in the control software (by manual coding or by automated code generation, see [Tyu162]).

The reverse engineering problem is the problem of verifying whether the logic implemented in control software corresponds to the goals and their deadlines. It supposes the transition from the existing software modules back to the control logic’s rules. We can use special procedures for the extraction of the control logic rules from the program code by analyzing the software modules, then for the restoration of the aforementioned schedules, and then for checking whether the required goals are achieved in time.

Consequently, the ‘consistency’ of the control logic means:

• Correspondence to the set of the required conditions of synchronization, for example f1 << f2, f3 CH f5, f1->f5->f7, prohibition of the intersection of particular processes f11 <> f8 (it can be caused by physical reasons, for instance, if the spacecraft’s solar panel can shade the lens of the Earth Remote Sensing instrument)
• Functioning without violation of the limits of available resources and allowed emissions
• Dependability, i.e. the completion of the set of required tasks should be guaranteed regardless of device failures and the occurrence of unforeseen situations.

Whenever we have the schedule built starting from the system’s goals or extracted from the control programs, its compliance with synchronization requirements can be verified using the physical sense of the operators << (precedence in time), <> (prohibition of the overlapping), СН (begin-begin link), СК (end-end link), → (direct following), see the publications [Kav06] and [Tyu16].

Further, we can define the complex technical system as the following tuple:

{BA, G, CL, RS, CA, CS}    (2)

where

BA is the set of the devices with the corresponding set of their working modes;
G is a set of goals to be implemented, accompanied by the deadline for each goal;
FS is a set of the kinds of functionality;
CL is the control logic presented as a set of timed rules;
RS is the set of resources/emissions having an impact on consistent functioning of the system, with the specified maximum allowed levels of consumption/emission;
SC is the set of the constraints for the right synchronization of the system’s processes in the above-presented form.

Actually, BA can be viewed as an algebraic system [Tyu06] with the relation of belonging of a device to a system, and there are relations between the devices and their working modes, and between the working modes, levels of provided functionality, resources and emissions. The restrictions on the minimal required level of each kind of functionality and the maximal available levels of each kind of resource are the other essential constraints for consistent control logic, along with the time restrictions.

To solve the problem we can use computer simulation in a special software tool to calculate the consumption of resources and the emissions for the whole mission duration. Another simulation mechanism can allow checking whether the levels of all kinds of required functionality will be enough for achieving the system’s goals even when abnormal situations arise.

The problem of verification of the control logic is checking whether 1) the specified set of rules implements a schedule which guarantees achieving the goals in compliance with their deadlines; 2) available/allowed levels of resources and emissions are not violated; and 3) the existing restrictions SC are not violated. In case of an abnormal situation caused by the fault of a particular device, the control subsystem should check the level of degradation of the corresponding functionality, and then issue a special command to activate the appropriate substitution. These rules must be a significant subset of the real-time control logic rules.

Conclusion and Future Work

The model for the description of the real-time control logic for a complex technical system in the Transport Industry has been defined in the article. We have considered fundamental problems connected with consistent control logic. The first problem is the problem of verification, and the second problem is the synthesis of consistent real-time control.

Regarding future work, we can underline that the authors lead the development of special software tools which allow verifying the control logic implemented in the source code of the control programs. To solve the problem of synthesis of the logic in compliance with the conditions of consistency, we are trying to utilize the power of modern Satisfiability Modulo Theories solvers, see [Tyu18]. A screenshot of one of the developed software prototypes is shown in Fig. 2.

Another promising approach is connected with the use of constraint programming. In the past, we had successful experience in applying logic programming to real-time control algorithms [Tyu162].

Figure 2: Screenshot of the software prototype

The logic programs written in the Prolog language allow finding the appropriate parameters of the algorithm.

Acknowledgments

We acknowledge the colleagues from Samara Space Centre and JSC Information Satellite Systems for the many-years collaboration in the area of spacecraft flight control software engineering, and the founder of this direction of research, Anatoly Kalentyev.

References

[Koz98] D. Kozlov. Control of Earth observation spacecrafts: Computer Technologies / D.I. Kozlov, G.P. Anshakov, Ya.A. Mostovoy, A.V. Sollogub. Moscow: Mashinostroenie, 1998. 245 p. (in Russian).

[Tyu06] A. Tyugashev. Integrated environment for designing real-time control algorithms. Journal of Computer and Systems Sciences International. 45(2): 287–300, August 2006.

[Kav06] A. Kalentyev. CALS technology in lifecycle of complex control programs / A.A. Kalentyev, A.A. Tyugashev. Samara: Scientific Center of Russian Academy of Sciences, 2006. 266 p. (in Russian).

[Tyu16] A. Tyugashev. Language and Toolset for Visual Construction of Programs for Intelligent Autonomous Spacecraft Control. IFAC-PapersOnLine 49(5), 120-125, May 2016.

[Fil15] A. Filatov. Structure and algorithms of motion control system's software of the small spacecraft / A.V. Filatov, I.S. Tkachenko, A.A. Tyugashev, E.V. Sopchenko. CEUR Workshop Proc. Proceedings of International Conference Information Technology and Nanotechnology ITNT 2015, pp. 246-251. 2015.

[Syg19] Yu. Sygurov. Method for modeling of Spacecraft onboard apparatus and building of consistent control logic with limited onboard resources / A. Tyugashev, Yu. Sygurov. Journal of Physics: Conference Series 1368:042032, November 2019.

[Dru76] V.B. Druzhinin. The problems of the systemology (the problems of the theory of complex systems) / V.B. Druzhinin, D.S. Kontorov. Moscow: Sovetskoye Radio, 1976. 296 p. (in Russian).

[Tyu18] A. Tyugashev. Application of SMT solvers for evaluation of Real-Time control logic of spacecraft. Journal of Physics: Conference Series 1096(1), January 2018.

[Tyu162] A. Tyugashev. Visual Builder of Rules for Spacecraft Onboard Real-Time Knowledge Base. 8th KES International Conference on Intelligent Decision Technologies (KES-IDT 2016), Part II, pp. 189-205. 2016.
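The timed rule form (1) from Section 2, as an added example that is not the authors' code: a small interpreter in which conditions carry time offsets, actions are issued at later instants, and an action's effect sets a condition so the rule stops firing. The discrete tick model, the variable names, the three-tick persistence test and the "Activate the backup gyrodyne" command are assumptions made for illustration; only «Switch the gyrodyne 2 off» is quoted from the paper.

```python
from collections import namedtuple

# a_i(t_ui): logical variable, optional negation, time offset <= 0 relative to "now".
Cond = namedtuple("Cond", "name negated offset")
# A_j(t_aj): command text, time offset >= 0, and the conditions it sets or clears.
Action = namedtuple("Action", "command offset effect")
Rule = namedtuple("Rule", "conds actions")

def value_at(snapshots, cond, t):
    """Truth value of cond.name at time t + cond.offset (False before t = 0)."""
    when = t + cond.offset
    return when >= 0 and snapshots[when].get(cond.name, False)

def run(rules, sensed, t_end):
    """Tick from 0 to t_end; return the timeline of (time, command) issued."""
    state, snapshots, pending, timeline = {}, [], [], []
    for t in range(t_end + 1):
        state.update(sensed.get(t, {}))        # the environment changes conditions
        snapshots.append(dict(state))
        for rule in rules:                     # left side: conjunction with negations
            if all(value_at(snapshots, c, t) != c.negated for c in rule.conds):
                pending += [(t + a.offset, a) for a in rule.actions]
        for _, act in [p for p in pending if p[0] == t]:
            timeline.append((t, act.command))
            state.update(act.effect)           # actions set or clear conditions
        pending = [p for p in pending if p[0] > t]
    return timeline

# Constructed scenario: a one-tick glitch at t=1, then a persistent fault from t=5.
SENSED = {1: {"gyro2_fault": True}, 2: {"gyro2_fault": False}, 5: {"gyro2_fault": True}}
PERSISTENT = [Cond("gyro2_fault", False, off) for off in (0, -1, -2)]
ACTIONS = [Action("Switch the gyrodyne 2 off", 0, {"reconfigured": True}),
           Action("Activate the backup gyrodyne", 2, {"backup_on": True})]
GUARDED = Rule(PERSISTENT + [Cond("reconfigured", True, 0)], ACTIONS)
UNGUARDED = Rule(PERSISTENT, ACTIONS)          # same rule without the negated guard

if __name__ == "__main__":
    print(run([GUARDED], SENSED, 10))
    print(len(run([UNGUARDED], SENSED, 10)), "commands without the guard")
```

The guarded rule ignores the glitch and reconfigures once; the unguarded variant keeps re-issuing both commands on every tick while the fault persists, which is the kind of inconsistency the verification step has to catch.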
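The three verification checks listed in Section 2 (goal deadlines G, resource limits RS, synchronization constraints SC), as an added example that is not the authors' tool: a checker run over a constructed schedule. The interval semantics given to <<, <>, CH, CK and ->, the constant power draw per process, and all times, powers and deadlines are assumptions; only the constraint expressions themselves come from the paper.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Proc:
    name: str
    start: int     # seconds from the start of the cyclogram
    end: int
    power: float   # constant draw in watts while running (assumed resource model)

# Assumed interval semantics for the synchronization operators named in the text.
OPS = {
    "<<": lambda a, b: a.end <= b.start,                       # precedence in time
    "<>": lambda a, b: a.end <= b.start or b.end <= a.start,   # overlap prohibited
    "CH": lambda a, b: a.start == b.start,                     # begin-begin link
    "CK": lambda a, b: a.end == b.end,                         # end-end link
    "->": lambda a, b: b.start == a.end,                       # direct following
}

def peak_load(schedule):
    """Sweep start/end events in time order; ends sort before starts at equal t."""
    events = sorted([(p.end, 0, -p.power) for p in schedule] +
                    [(p.start, 1, p.power) for p in schedule])
    load, peak, peak_t = 0.0, 0.0, 0
    for t, _, delta in events:
        load += delta
        if load > peak:
            peak, peak_t = load, t
    return peak, peak_t

def verify(schedule, constraints, deadlines, power_limit):
    """Return violated SC constraints, missed G deadlines and RS limit breaches."""
    by_name = {p.name: p for p in schedule}
    found = []
    for left, op, right in constraints:
        if not OPS[op](by_name[left], by_name[right]):
            found.append(f"SC: {left} {op} {right}")
    for name, deadline in deadlines.items():
        if by_name[name].end > deadline:
            found.append(f"G: {name} ends at {by_name[name].end}, deadline {deadline}")
    peak, t = peak_load(schedule)
    if peak > power_limit:
        found.append(f"RS: power {peak} > {power_limit} at t={t}")
    return found

# Constraints quoted from the text; times, powers and deadlines are constructed.
SC = [("f1", "<<", "f2"), ("f3", "CH", "f5"), ("f1", "->", "f5"),
      ("f5", "->", "f7"), ("f11", "<>", "f8")]
G = {"f7": 40, "f11": 55}
FLAWED = [Proc("f1", 0, 10, 20.0), Proc("f2", 12, 30, 15.0), Proc("f3", 10, 20, 10.0),
          Proc("f5", 10, 25, 30.0), Proc("f7", 25, 40, 25.0),
          Proc("f8", 30, 50, 20.0), Proc("f11", 45, 60, 40.0)]
# Repair: shorten f8 and start f11 right after it.
REPAIRED = [replace(p, end=40) if p.name == "f8" else
            replace(p, start=40, end=55) if p.name == "f11" else p for p in FLAWED]

if __name__ == "__main__":
    for label, sched in (("flawed", FLAWED), ("repaired", REPAIRED)):
        print(label, verify(sched, SC, G, power_limit=55.0) or "consistent")
```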