
1 Introduction

Dependability of robotic information and control systems (ICSs) is an important contemporary issue because robotics and complex mechatronic objects are now widely used. Robotics is part of the oil and gas production industry, chemical industries, power plants, spacecraft and aircraft, and its dependability level is very often crucial. Failures of such complexes may impact the environment or lead to casualties, so a huge number of efforts have been made to improve the dependability level since the 1940s.

According to the definition, dependability is the ability to deliver service that can justifiably be trusted [1,2,3]. The service delivered by a system is its behavior as it is perceived by its user. The function of a system is what the system is intended to do, and is described by the functional specification. The service is correct when the system function is implemented. A system failure is an event which occurs when the delivered service deviates from the correct one.

Reliability is one of the attributes of dependability and relates to the service continuity. In practice, the measure of reliability is the reliability function – the probability that an object will be functioning beyond the specified time [4]. So improving the reliability function is a way to achieve an acceptable level of dependability.

Besides this, the fault tolerance must be taken into account as a means of obtaining dependability. In practice, fault-tolerance is implemented by the system redundancy: first studies relate to the works of von Neumann, Moore and Shannon [5, 6], and their successors, who developed theories of using redundancy to build reliable logic structures from less reliable components. Nowadays the structural redundancy is used almost everywhere, although it has some disadvantages, which are: system weight, cost, and resource utilization issues in general [7].

This paper considers reconfigurable ICSs with performance redundancy and decentralized dispatching (for more detailed information see [8,9,10]). The current research presents a novel approach to dependability improvement through a particular way of configuration forming. As will be shown below, the proposed method is based on the assumption that reducing the number of objective functions improves the solution quality in terms of the remaining objective functions. As the presence of the removed objective function is mandatory for the configuration forming problem, its implementation can be delivered by third-party facilities, which will also be described precisely.

The current paper also contains an improved formal model of the configuration forming problem, which is clarified in comparison with [11, 12], a dependability improvement method description, some simulation results and discussion.

2 Reconfigurable ICS with Performance Redundancy

The main difference between the structural and performance reservation approaches is that structural redundancy presupposes reserve elements within the system, while performance redundancy operates with elements that have additional performance. The principles of performance redundancy are described more precisely in [10, 12]. The concept of performance redundancy is the reason for the design of the reconfiguration procedure: the system redistributes computational tasks from the faulted computational node to the operational ones. As the ICS operates in real time, the term “configuration” becomes one of the key terms of the system.

In the scope of this paper the configuration is the way to distribute the monitoring and control tasks (MCTs) among the computational units (CU) of ICS. Such resource allocation must be implemented according to the data exchange constraints between MCTs and other constraints which are given by hardware and software system implementation.

In case of CU failure its MCTs must be launched on other CUs, and, besides, those MCTs can be allocated on more than one CU.

Such a reconfiguration scheme relates to the system reliability function: its value depends on the CU temperature, which grows as the loading increases:

$$ P_{CU} = P_{CU0}^{{2^{{k_{d} \cdot D/10}} }} , $$
(1)

where \( P_{CU} \) – reliability function value of loaded CU, \( P_{CU0} \) – reliability function value of CU without loading, \( k_{d} \) – temperature dependency on loading ratio, \( D \) – CU loading.

So, the spreading of MCTs between CUs with load balancing affects the system reliability, and load-balancing criteria should be included into the multicriteria objective function.

As was mentioned above, configurations are the key term of the chosen class of ICSs.

Decentralized monitoring and control of the ICS is implemented by a multiagent system. Each agent is associated with its own CU, and at the initialization stage of the ICS each agent has access to the list of possible system configurations, which are formed at the design stage of the system.

The configuration forming problem is discussed in detail in [11, 12], but that description seems to be a little cluttered. A new simplified version of the generalized configuration forming problem model is presented below, followed by the dependability improvement approach.

3 Configuration Forming Problem

There are N MCTs with computational complexities \( g_{i} \), M CUs with equal performance \( m_{j} \), \( U = \{ u_{ij} \} \) – the percentage of j CU performance allocated for the i MCT, T – planned completion time for the N MCTs, \( F = \{ f_{k} \} \), \( k \in \{ 1, \ldots M\} \), – the set of simultaneously failed CUs.

Through the resource allocation every MCT links to the CU, and it can be described by the following tuple:

\( a_{i} = \langle j, u_{ij}, t_{i} \rangle \), where \( j \) – the CU identifier, \( u_{ij} \) – the allocated resource ratio, \( t_{i} \) – the time of MCT i accomplishment.

So, the set \( A = \{ a_{i} \} \) determines the configuration of ICS before failure, the set \( A^{{\prime }} = \{ a_{i}^{{\prime }} \} \) determines the configuration of ICS after the reconfiguration. In fact, \( A^{{\prime }} \) is the solution of the configuration forming problem, and \( a_{i}^{{\prime }} \) are the tuples which describe the new MCT assignments.

The objective functions are as follows.

Firstly, the number of MCTs relocated from the operational nodes must be minimized. In other words, if there are solutions in which the new MCT assignments involve relocating tasks from the operational nodes, we should choose the solution where the number of such relocations is as small as possible. This objective function can be described with the expressions given below.

Let us define the subtraction operator for sets A and \( A^{{\prime }} \) so that:

$$ a_{i} - a_{i}^{{\prime }} = \begin{cases} 0, & \text{if } j \text{ is equal to } j^{{\prime }}; \\ 1, & \text{otherwise.} \end{cases} $$
(2)

Then:

$$ F_{1} = \sum\limits_{i = 1}^{N} {(a_{i} - a_{i}^{{\prime }} )} \to MIN. $$
(3)

The optimal location in the search space of this objective function means that only MCTs from the faulted node are relocated.

The second objective function is the minimization of the eliminated MCTs. In fact, some MCTs are critical and must be saved during the reconfiguration, and some MCTs are non-critical. But from the system survivability point of view it is extremely preferable to save as many MCTs as possible. So,

$$ F_{2} = |A| - |A^{{\prime }} | \to MIN. $$
(4)

And, finally, the dispersion of CU loadings must be minimized:

$$ F_{3} = \sum\limits_{k = 1}^{K} {u_{kj}^{{\prime }} } - \sum\limits_{l = 1}^{L} {u_{lq}^{{\prime }} } \to MIN,\,\,\forall j,q, $$
(5)

where K is the number of MCTs assigned to the CU j, L is the number of MCTs assigned to the CU q.

The main constraint is that all MCTs must be accomplished within the planned completion time T:

$$ t_{i}^{{\prime }} + \frac{{g_{i} }}{{u_{ij}^{{\prime }} \cdot m_{j} }} \le T,\,\,\forall i,j. $$
(6)

Also the failed CUs must be taken into consideration:

$$ M^{{\prime }} = M - F, $$
(7)

where \( M^{{\prime }} \), M and F are the sets of CUs.

And, lastly, the boundary conditions are: all values of the variables are positive,

$$ u_{ij} < 1,u_{ij}^{{\prime }} < 1,\forall i,j. $$

At first glance the problem is similar to the k-partition problem, which has a suitable solving method, but the vector objective function makes the problem NP-hard with a complex and non-trivial search space. It must also be mentioned that the quality of the solution degrades as the number of objective functions increases.

As the preferable attribute of the system is the load balancing, the goal of the configuration forming is to get solutions with as good load balancing as possible. At the same time the other objective functions must be taken into consideration.
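The model above can be evaluated directly for a candidate reconfiguration. The following is an added example, not code from the paper: it scores two candidates by (3)–(7) and applies (1) to the most loaded CU. Assumptions: (5) is read as the largest pairwise loading gap, \( t_{i} \) is treated as a start offset, D in (1) is taken in percent, and all sample values (`p0`, `k_d`, the six MCTs) are constructed.

```python
from collections import namedtuple

Assign = namedtuple("Assign", "cu u t")      # the tuple a_i = <j, u_ij, t_i>

def evaluate(A, A_new, g, m, failed, T):
    """Score candidate A' against (3)-(7); returns (F1, F2, F3, feasible, load)."""
    operational = set(m) - set(failed)                        # (7): M' = M - F
    if not operational:
        raise ValueError("no operational CU left")
    F1 = sum(A[i].cu != a.cu for i, a in A_new.items())       # (2), (3)
    F2 = len(A) - len(A_new)                                  # (4)
    load = {j: 0.0 for j in operational}
    feasible = True
    for i, a in A_new.items():
        if a.cu not in operational or not 0 < a.u < 1:        # (7), bounds on u
            feasible = False
            continue
        load[a.cu] += a.u
        if a.t + g[i] / (a.u * m[a.cu]) > T:                  # (6)
            feasible = False
    # (5) read as the worst pairwise loading gap (an interpretation)
    F3 = round(max(load.values()) - min(load.values()), 6)
    return F1, F2, F3, feasible, load

def cu_reliability(p0, k_d, D):
    """Eq. (1); D is taken as CU loading in percent (assumption)."""
    return p0 ** (2 ** (k_d * D / 10))

# Constructed sample: 4 CUs of performance 100, 6 MCTs, CU 0 fails.
m = {0: 100, 1: 100, 2: 100, 3: 100}
g = {"t1": 40, "t2": 20, "t3": 20, "t4": 20, "t5": 40, "t6": 40}
A = {"t1": Assign(0, 0.4, 0), "t2": Assign(1, 0.2, 0), "t3": Assign(1, 0.2, 0),
     "t4": Assign(1, 0.2, 0), "t5": Assign(2, 0.4, 0), "t6": Assign(3, 0.4, 0)}
# X relocates only the failed CU's task; Y also moves t3 and t4 off CU 1.
X = {**A, "t1": Assign(2, 0.4, 0)}
Y = {**A, "t1": Assign(1, 0.4, 0), "t3": Assign(2, 0.2, 0), "t4": Assign(3, 0.2, 0)}

def compare(p0=0.99, k_d=0.5, T=2.0):
    """Per candidate: F1, F2, F3, feasibility, reliability of the most loaded CU."""
    out = {}
    for name, cand in (("X", X), ("Y", Y)):
        F1, F2, F3, ok, load = evaluate(A, cand, g, m, [0], T)
        out[name] = (F1, F2, F3, ok, cu_reliability(p0, k_d, 100 * max(load.values())))
    return out

if __name__ == "__main__":
    for name, row in compare().items():
        print(name, row)
```

Candidate X is optimal for \( F_{1} \) but leaves one CU at 80% loading, while Y relocates two tasks from an operational node and levels all three CUs at 60%.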

It must be mentioned that Service Oriented Architecture (SOA) concept is used in contemporary ICSs, too. Services can be relocated, hence for the SOA-based ICSs there is no need to keep the MCT relocation criteria at all.

The next section describes the dependability improvement approach.

4 A Dependability Improvement Approach

The reliability function is one of the dependability attributes, so by improving reliability we increase the dependability level. Load balancing affects the CU reliability; hence, the solutions of the configuration forming problem should be as good as possible in terms of load balancing.

The configuration forming problem is a three-criterion problem in our particular case, but, perhaps, if at least one criterion is eliminated, the quality of solutions can be improved.

But the minimization of tasks relocated from the operational nodes is expedient because of the MCT context data, which, in case of reconfiguration, must be transferred to the newly assigned node through the communication network, and this can take unacceptable time and resources.

The concept of the approach presented is to delegate the MCT context data distribution to the CU agents and to design system configurations without criteria of MCT relocation, while these MCTs are located on the nodes, where they can be launched.

So, when the configurations are obtained, the agents form the list of data distribution and through the regular mode of ICS prepare the actual context for the possible task relocations. As a result, we have a kind of distributed data storage, which needs some additional algorithms for its functioning.

For instance, the steps described below can be done for the context data distribution.

ICS Initialization.

  • CU agent searches the list of configurations for the CU ids, where current CU MCTs can be relocated in case of other node failure. The list of distribution is formed.

  • If the list of distribution is not empty, the “intention” messages are sent.

  • The confirmation messages are received.

  • If the “intention” message was received, the confirmation message is sent to appropriate agent.

ICS Regular Mode.

  • An agent takes the MCT context data and multicasts it according to the list of distribution.

  • An agent receives the context data.

ICS Reconfiguration.

  • The agent loads the new configuration.

  • The agent searches the list of distribution in order to deliver actual context data to the MCTs which have become active on the current node.

  • Well-timed data delivery.
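The three phases listed above can be traced in a small in-memory simulation. This is an added example, not the authors' implementation: the `Agent` class, its method names, the direct method calls standing in for network messages, and the sample configurations are all assumptions made for illustration.

```python
from collections import defaultdict

def distribution_list(cu, base, configs):
    """MCT of this CU -> other CUs that host it in some stored configuration."""
    dist = defaultdict(set)
    for assign in configs.values():
        for mct, target in assign.items():
            if base[mct] == cu and target != cu:
                dist[mct].add(target)
    return dict(dist)

class Agent:
    def __init__(self, cu, base, configs):
        self.cu, self.base, self.configs = cu, base, configs
        self.dist = distribution_list(cu, base, configs)
        self.confirmed = set()   # peers that confirmed our "intention" message
        self.store = {}          # context data received from peers: mct -> data

    def initialize(self, agents):                 # ICS initialization
        for peer in set().union(*self.dist.values()):
            if agents[peer].on_intention(self.cu):
                self.confirmed.add(peer)

    def on_intention(self, sender):
        return True                               # the confirmation message

    def regular_step(self, agents, context):      # ICS regular mode
        for mct, targets in self.dist.items():
            for peer in targets & self.confirmed:
                agents[peer].store[mct] = context[mct]

    def reconfigure(self, failed):                # ICS reconfiguration
        new = self.configs[frozenset(failed)]
        mine = [t for t, cu in new.items() if cu == self.cu and self.base[t] != self.cu]
        return {t: self.store.get(t) for t in mine}   # None: context never arrived

# Constructed sample: base placement and one stored configuration per single failure.
BASE = {"t1": 0, "t2": 1, "t3": 1, "t4": 1, "t5": 2, "t6": 3}
CONFIGS = {frozenset({0}): {**BASE, "t1": 1, "t3": 2, "t4": 3},
           frozenset({1}): {**BASE, "t2": 0, "t3": 2, "t4": 3}}

def simulate(failed):
    """Run initialization and one regular-mode step, then reconfigure the survivors."""
    agents = {cu: Agent(cu, BASE, CONFIGS) for cu in range(4)}
    for a in agents.values():
        a.initialize(agents)
    for a in agents.values():
        a.regular_step(agents, {t: f"ctx-{t}-v1" for t in BASE})
    return {cu: a.reconfigure(failed) for cu, a in agents.items() if cu not in failed}
```

A `None` value in the result of `reconfigure` marks an MCT that became active on a node whose agent never received its context, which is the condition the distribution list is meant to rule out.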

5 Simulation Results and Discussion

For the simulation a random set of 25 MCTs with computational complexity 10–40 conventional units was generated. MCTs were assigned to the 10 CUs with equal performance. The cases of failures are combinations of one random failure and two random failures simultaneously. The criterion of the solution quality is the load balancing, because of its impact on the reliability function.

Solutions were obtained with the simulated annealing technique (for details see [9]). It must be mentioned that the algorithm adaptation used gives the local optima of the problem. To evaluate the quality of solutions, an equal number of SA iterations was used for both simulations.

The simulation results are given below. Fig. 1 shows the maximum CU loadings; Figs. 2, 3, 4, 5 and 6 are detailed examples of the fruitful usage of the method considered.

Fig. 1. Maximum CU loadings. The x-axis contains cases of CU failures, y-axis contains the loading values. Max 1 – solutions with objective functions (3, 4, 5). Max 2 – solutions with objective functions (4, 5)

Fig. 2. CU load level when CU1 and CU3 are failed

Fig. 3. CU load level when CU1 and CU5 are failed

Fig. 4. CU load level when CU2 and CU8 are failed

Fig. 5. CU load level when CU6 and CU7 are failed

Fig. 6. CU load level when CU6 and CU8 are failed

Fig. 1 shows a tendency for the difference in maximum loading between the two sets of solutions to grow with the number of failed CUs. When the number of failed CUs equals 1, the maximum loadings are of roughly the same magnitude. When the number of failed CUs is 2, the difference between solutions with all the criteria and without the MCT relocation criterion is more obvious. It is seen that maximum loadings can be decreased, but, in some cases, the criterion removal does not produce any improvements. The probable reason for such behavior is a particularity of the stochastic search: with the fast, “quenching” temperature schemes the local (not global) optima are found.

Figures 2, 3, 4, 5 and 6 contain the examples of load balancing with and without MCT relocation criterion. The cases of CU failures are shown on X-axis, and the Y-axis is the CU load level.

It is obvious that some load peaks are smoothed under an equal number of SA iterations, and we suppose that further, more precise simulations will confirm the revealed tendency.

At the same time, Figs. 1, 2, 3, 4, 5 and 6 confirm that it is expedient to improve the quality of solutions not only with parallel simulated annealing search but also by searching with a criterion eliminated, on the assumption that the semantics of that criterion can be delegated to a software (hardware) component of the system.

6 Conclusions

Within the scope of this paper an approach to improving the dependability of a reconfigurable robotic control system was presented, described and discussed. The cornerstone of this approach is to get rid of the MCT relocation criteria in the multicriteria configuration forming problem and to delegate the semantics of the removed criteria to the software component of the system. Besides this, a new model of the configuration forming problem is given, and a simulation is done and analyzed briefly. According to the current stage of our study, it is expedient to form configurations not only with parallel search techniques (which allow the best local minima to be chosen), but also with the approach of the “delegated” criterion. As an example, such a “delegating” approach improves the solution quality up to the ratio of 1,7 (Fig. 6).