Presentation of the BIP Engine experiment.
The BIP/BIP Engine experiment was conducted in September 2019. It was the first experiment where we were able to execute all the GenoM components under the control of the BIP Engine http://www-verimag.imag.fr/New-BIP-tools.html . Using the following template https://redmine.laas.fr/projects/genom3-bip-template (branch felix-bip-ros-one-engine) we synthesized the BIP Model and the needed code to run all the components within the BIP Engine.
Video
Follow this first video for an example of what Minnie does and this second video
of the BIP monitor stopping the robot when the Velodine PCL is being
delayed (this is induced with a fault injection velodine::SetDelay 2000000
).
BIP Monitor Code
The monitor (as a patch to apply to the BIP model automatically synthesized) is the following:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
--- gps_IMUDriver_joystick_Navigation_pom_PotentialField_rmp440_velodyne_SafetyPilot_BIPGenoM3.bip.orig 2019-10-01 14:07:03.000000000 +0200
+++ gps_IMUDriver_joystick_Navigation_pom_PotentialField_rmp440_velodyne_SafetyPilot_BIPGenoM3.bip 2019-10-01 14:10:00.852929068 +0200
@@ -16355,6 +16355,9 @@
export port Port spawn()
export port Port norequest()
export port Port immediate()
+// monitor
+ export port Port urgentXXX()
+// end monitor
export port Port clear()
export port Port launch()
export port Port finished()
@@ -16436,7 +16439,10 @@
log_, log_2,
log_stop_, log_stop_2,
free, release
-
+//monitor
+, Stop_interrupt_2XXX
+//end monitor
+
initial to unspawned
on spawn
@@ -16694,6 +16700,14 @@
do { BIP_rmp440_Stop_control(BIP_cast_activity_in_rmp440_Stop_activity(activity_received)); }
resume
+// monitor
+ on urgentXXX
+ from idle to Stop_interrupt_2XXX
+
+ on inter_Stop
+ from Stop_interrupt_2XXX to free
+// end monitor
+
on inter_Stop
from Stop_interrupt to free
//eager
@@ -19182,6 +19196,12 @@
/* receive request */
connector singleton_exp request_connect_port_rmp440(control_rmp440.req_connect_port)
+
+// monitor
+
+connector singleton_exp emergency_stopXXX(control_rmp440.urgentXXX)
+
+// end monitor
/* receive request */
@@ -19779,6 +19799,11 @@
export port take_res_odoAndAsserv_MotionTask_rmp440.exp as take_res_odoAndAsserv_MotionTask_rmp440_exp_
export port give_res_odoAndAsserv_MotionTask_rmp440.exp as give_res_odoAndAsserv_MotionTask_rmp440_exp_
export port too_many_activities_rmp440.exp as p_rmp440
+// monitor
+
+export port emergency_stopXXX.exp as emergency_XXX
+
+// end monitor
end
@@ -19813,6 +19838,11 @@
connector singleton_exp take_res_odoAndAsserv_MotionTask_rmp440_link (rmp440_.take_res_odoAndAsserv_MotionTask_rmp440_exp_)
connector singleton_exp give_res_odoAndAsserv_MotionTask_rmp440_link (rmp440_.give_res_odoAndAsserv_MotionTask_rmp440_exp_)
+// monitor
+
+connector singleton_exp emergency_exp_XXX (rmp440_.emergency_XXX)
+
+//
/* priorities */
priority no_slot_0_rmp440 no_slot_rmp440:* < request_Init_1_rmp440_link:*
@@ -19839,6 +19869,11 @@
export port take_res_odoAndAsserv_MotionTask_rmp440_link.exp as take_res_odoAndAsserv_MotionTask_rmp440_
export port give_res_odoAndAsserv_MotionTask_rmp440_link.exp as give_res_odoAndAsserv_MotionTask_rmp440_
+// monitor
+
+export port emergency_exp_XXX.exp as emergency_expXXX
+// end monitor
+
end
/* component velodyne types */
@@ -26073,11 +26108,53 @@
export port give_res_StopSMAAO_WriteSpeedInPort_2_SafetyPilot_link.exp as give_res_StopSMAAO_WriteSpeedInPort_2_SafetyPilot_
end
+
+// monitor
+
+atom type propertyXXX()
+
+ clock c unit millisecond
+ export port Port scanXXX()
+ export port Port reportXXX()
+
+ place idle, busy//, err
+
+ initial to idle
+
+ on scanXXX
+ from idle to busy
+ do {c = 0;}
+
+ on scanXXX
+ from busy to busy
+ provided (c<= 2000)
+ do {printf("propertyXXX <= 2000.\n"); c = 0;}
+
+ on reportXXX
+ from busy to idle //err
+ provided (c> 2000)
+ do { printf("propertyXXX > 2000.\n");}
+
+end
+
+// end monitor
+
/* all modules */
compound type Compound_gps_IMUDriver_joystick_Navigation_pom_PotentialField_rmp440_velodyne_SafetyPilot()
+// monitor
+
+// first instance of write scan
+ component propertyXXX prop_1XXX()
+
+// second instance
+ component propertyXXX prop_2XXX()
+
+// end monitor
+
+
component Compound_gps Compound_gps_()
component Compound_IMUDriver Compound_IMUDriver_()
@@ -26562,13 +26639,13 @@
point_cloud_velodyne.take,
point_cloud2_velodyne.take)
-connector sync3 give_res_velodyneGetOneScanEnd_GetScans_velodyne_ports_1(Compound_velodyne_.give_res_velodyneGetOneScanEnd_GetScans_1_velodyne_,
- point_cloud_velodyne.give,
- point_cloud2_velodyne.give)
-
-connector sync3 give_res_velodyneGetOneScanEnd_GetScans_velodyne_ports_2(Compound_velodyne_.give_res_velodyneGetOneScanEnd_GetScans_2_velodyne_,
- point_cloud_velodyne.give,
- point_cloud2_velodyne.give)
+// connector sync3 give_res_velodyneGetOneScanEnd_GetScans_velodyne_ports_1(Compound_velodyne_.give_res_velodyneGetOneScanEnd_GetScans_1_velodyne_,
+// point_cloud_velodyne.give,
+// point_cloud2_velodyne.give)
+
+// connector sync3 give_res_velodyneGetOneScanEnd_GetScans_velodyne_ports_2(Compound_velodyne_.give_res_velodyneGetOneScanEnd_GetScans_2_velodyne_,
+// point_cloud_velodyne.give,
+// point_cloud2_velodyne.give)
connector sync2 take_res_InitStructSP_pilot_SafetyPilot_ports(Compound_SafetyPilot_.take_res_InitStructSP_pilot_SafetyPilot_,
@@ -26653,6 +26730,22 @@
connector sync2 give_res_StopSMAAO_WriteSpeedInPort_SafetyPilot_ports_2(Compound_SafetyPilot_.give_res_StopSMAAO_WriteSpeedInPort_2_SafetyPilot_,
Cmd_SafetyPilot.give)
+// monitor
+
+connector sync4 give_res_velodyneGetOneScanEnd_GetScans_velodyne_ports_1(Compound_velodyne_.give_res_velodyneGetOneScanEnd_GetScans_1_velodyne_,
+ point_cloud_velodyne.give,
+ point_cloud2_velodyne.give,
+ prop_1XXX.scanXXX)
+
+connector sync4 give_res_velodyneGetOneScanEnd_GetScans_velodyne_ports_2(Compound_velodyne_.give_res_velodyneGetOneScanEnd_GetScans_2_velodyne_,
+ point_cloud_velodyne.give,
+ point_cloud2_velodyne.give,
+ prop_2XXX.scanXXX)
+
+connector sync2 emergency_measure(prop_1XXX.reportXXX, Compound_rmp440_.emergency_expXXX)
+connector sync2 emergency_measure_2(prop_2XXX.reportXXX, Compound_rmp440_.emergency_expXXX)
+
+// end monitor
end
BIP Traces
The explanation of the sequence of events leading to the emergency stop of the robot is here:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
***************************
Monitor does not find any problem.
***************************
propertyXXX <= 2000.
....
[GenoM3] velodyne Calling velodyne_codel_service_GetScans_end codel.
Got a PointCloud of 18432 width, 1 height, size 18432.
[GenoM3] velodyne Exiting velodyne_codel_service_GetScans_end codel with ::velodyne::wait.
....
***************************
Speed is produced by PotentialField as expected
***************************
PF cmd: l 0.360360 m/s, a -3.798609 deg/s.
[BIP ENGINE]: WARNING: state #5372576 and global time 12min26s816ms780us989ns: violation of the following timing constraint ROOT.Compound_PotentialField_.PotentialField_.StartTrackTargetPort_PotentialField_inst_1:
..................................................................................
[BIP ENGINE]: WARNING: state #5372640 and global time 12min26s826ms418us572ns: violation of the following timing constraint ROOT.Compound_velodyne_.velodyne_.StartPoseProcessing_velodyne_inst_2:
***************************
Speed is validated by SafetyPilot
***************************
Sending safe command: l 0.36036 m/s, a -3.87959 deg/s.
.....
[BIP ENGINE]: WARNING: state #5372664 and global time 12min26s829ms11us437ns: violation of the following timing constraint ROOT.Compound_Navigation_.Navigation_.GotoNode_Navigation_inst_1:
..................................................................................
[BIP ENGINE]: WARNING: state #5375644 and global time 12min27s265ms544us809ns: violation of the following timing constraint ROOT.Compound_gps_.gps_.perm_io_gps:
....
***************************
We send the SetDelay command
***************************
...
[BIP ENGINE]: ROOT.Compound_PotentialField_.PotentialField_.StartTrackTargetPort_PotentialField_inst_1 resume [ -INFTY, 12min27s264ms952us841ns ]
...
[BIP ENGINE]: WARNING: state #5375932 and global time 12min27s309ms870us794ns: violation of the following timing constraint ROOT.Compound_velodyne_.velodyne_.GetScans_velodyne_inst_2:
...
***************************
The SetDelay request has been executed.
***************************
...
[BIP ENGINE]: WARNING: state #5375959 and global time 12min27s314ms182us292ns: violation of the following timing constraint ROOT.Compound_gps_.gps_.perm_io_gps:
..................................................................................
propertyXXX <= 2000.
[BIP ENGINE]: WARNING: state #5376193 and global time 12min27s347ms697us691ns: violation of the following timing constraint ROOT.Compound_PotentialField_.PotentialField_.StartTrackTargetPort_PotentialField_inst_1:
Got a PointCloud of 19968 width, 1 height, size 19968.
***************************
The codel (which writes the PCL port) is being delayed, so PCL above is not published.
***************************
Starting 2000000 delay.
[BIP ENGINE]: WARNING: state #5376210 and global time 12min27s350ms238us328ns: violation of the following timing constraint ROOT.Compound_rmp440_.rmp440_.Track_rmp440_inst_2:
..................................................................................
[BIP ENGINE]: WARNING: state #5388409 and global time 12min29s343ms736us482ns: violation of the following timing constraint ROOT.Compound_rmp440_.rmp440_.Track_rmp440_inst_2:
propertyXXX > 2000.
***************************
The propery is being triggered in the BIP engine (see above)
exactly when the 2 seconds have elapsed (see below).
***************************
Ending 2000000 delay.
[BIP ENGINE]: WARNING: state #5388434 and global time 12min29s348ms75us105ns: violation of the following timing constraint ROOT.Compound_Navigation_.Navigation_.GotoNode_Navigation_inst_1:
......
[BIP ENGINE]: WARNING: state #5388466 and global time 12min29s352ms728us417ns: violation of the following timing constraint ROOT.Compound_PotentialField_.PotentialField_.StartTrackTargetPort_PotentialField_inst_1:
......
[BIP ENGINE]: WARNING: state #5388486 and global time 12min29s355ms544us686ns: violation of the following timing constraint ROOT.Compound_velodyne_.velodyne_.GetScans_velodyne_inst_2:
***************************
next rmp440 step is to stop the robot (12ms after the previous loop and 5ms after monitor triggered).
***************************
[GenoM3] rmp440 Calling rmp440_codel_service_Track_stop codel.
rmp440 StopTrack