Commit 23752225 authored by mirgita.frasheri's avatar mirgita.frasheri Committed by overleaf
Browse files

Update on Overleaf.

parent f2372f6c
Pipeline #57644 passed with stage
in 14 seconds
\documentclass{article} \documentclass{article}
\usepackage{color} \usepackage{color}
\usepackage{gensymb} \usepackage{gensymb}
\usepackage{graphicx}
\begin{document} \begin{document}
\title{Desktop Robotti Digital Twin Scenarios} \title{Desktop Robotti Digital Twin Scenarios}
% %
...@@ -17,7 +18,7 @@ ...@@ -17,7 +18,7 @@
\subsection{Motivation} \subsection{Motivation}
We want to demonstrate the capabilities of our tools, i.e. the co-simulation environment, and the fault injection plugin, with respect to the realisation of the digital twin for the desktop robotti. This can be useful both during robot run-time as well as during robot development, e.g. supervisory safety monitoring, detection of collision zones, and fault injection, respectively. {\color{red} Place argument here, why we're working with the real robot.} We want to demonstrate the capabilities of our tools, i.e. the co-simulation environment, and the fault injection plugin, with respect to the realisation of the digital twin for the desktop robotti. This can be useful both during robot run-time as well as during robot development, e.g. supervisory safety monitoring, detection of collision zones, and fault injection, respectively. {\color{red} Place argument here, why we're working with the real robot.}
The first proposed scenario consists in setting up an experiment in which we are able to test the functionality of the safety monitor in the digital twin in the presence of faulty PT components, such as a proximity sensor. We assume that the DT safety monitor has additional information not present in the PT components, that can come from drones, other DTs of other robots, or perhaps the operator himself. The role of the safety monitor is to send an emergency stop when the distance to the closest obstacles goes below a given threshold. The first proposed scenario consists in setting up an experiment in which we are able to test the functionality of the supervisor safety monitor in the digital twin in the presence of faulty PT components, such as a proximity sensor, or faults in the on board safety monitor. We assume that the DT safety monitor has additional information not present in the PT components, that can come from drones, other DTs of other robots, or perhaps the operator himself. The role of the safety monitor is to send an emergency stop when the distance to the closest obstacles goes below a given threshold.
Note that, a more sophisticated version of the monitor could identify the divergence between the model and the robot, and use that as a trigger for the emergency stop. Note that, a more sophisticated version of the monitor could identify the divergence between the model and the robot, and use that as a trigger for the emergency stop.
In order to get to the safety scenario, we take a step-by-step approach, starting from the simplest setup, in a bottom-up fashion. In order to get to the safety scenario, we take a step-by-step approach, starting from the simplest setup, in a bottom-up fashion.
...@@ -35,16 +36,21 @@ To make them match to a sufficient degree (WHAT IS A SUFFICIENT DEGREE? Depends ...@@ -35,16 +36,21 @@ To make them match to a sufficient degree (WHAT IS A SUFFICIENT DEGREE? Depends
Once we have a digital model capable of representing the real robot with SUFFICIENT FIDELITY - we have a DIGITAL SHADOW. Once we have a digital model capable of representing the real robot with SUFFICIENT FIDELITY - we have a DIGITAL SHADOW.
\subsection{Basic Safety Check} %\subsection{Basic Safety Check}
For this basic safety check the robot calculates its position and reports it. There is not separate localisation oracle. %For this basic safety check the robot calculates its position and reports it. There is not separate localisation oracle.
\subsubsection{Step 1} \subsubsection{Step 1}
This case is to show that the safety monitor on the DT is able to send an emergency stop to the PT-controller, when the PT violates the safety distance. This case is to show that the safety monitor on the DT is able to send an emergency stop to the PT-controller, when the PT violates the safety distance (Figure~\ref{fig:my_label}).
This means that the DT is aware of an obstacle, which the PT is not.
The PT cannot see it because of i.e. a faulty proximity sensor or something "hidden" in the grass, i.e. a small animal or something else. \begin{figure}
\centering
\resizebox{\textwidth}{!}{\includegraphics{scenarios/updated DR Scenarios.001.jpeg}}
\caption{Safety Scenario 1, step 1}
\label{fig:my_label}
\end{figure}
This test works without any changes carried out to the desktop robotti and the controller of the desktop robotti. This test works without any changes carried out to the desktop robotti and the controller of the desktop robotti.
...@@ -67,8 +73,13 @@ This test works without any changes carried out to the desktop robotti and the c ...@@ -67,8 +73,13 @@ This test works without any changes carried out to the desktop robotti and the c
\subsubsection{Step 2} \subsubsection{Step 2}
HARDWARE-IN-THE-LOOP - FAULTY SAFETY SOFTWARE HARDWARE-IN-THE-LOOP - FAULTY SAFETY SOFTWARE
OBSERVE THAT THE ROBOT HITS THE OBSTACLE OBSERVE THAT THE ROBOT HITS THE OBSTACLE, (Figure~\ref{fig:my_label2}).
\begin{figure}
\centering
\resizebox{\textwidth}{!}{\includegraphics{scenarios/updated DR Scenarios.002.jpeg}}
\caption{Safety Scenario 1, step 2}
\label{fig:my_label2}
\end{figure}
\begin{enumerate} \begin{enumerate}
\item Use the FI framework to tamper with the output of the SMDT, such that it has incorrect outputs. \item Use the FI framework to tamper with the output of the SMDT, such that it has incorrect outputs.
\item Set up a physical test environment with ONE obstacle \item Set up a physical test environment with ONE obstacle
...@@ -78,6 +89,13 @@ OBSERVE THAT THE ROBOT HITS THE OBSTACLE ...@@ -78,6 +89,13 @@ OBSERVE THAT THE ROBOT HITS THE OBSTACLE
\end{enumerate} \end{enumerate}
\subsubsection{Step 3} \subsubsection{Step 3}
In Figure~\ref{fig:my_label3}.
\begin{figure}
\centering
\resizebox{\textwidth}{!}{\includegraphics{scenarios/updated DR Scenarios.003.jpeg}}
\caption{Safety Scenario 1, step 3}
\label{fig:my_label3}
\end{figure}
\begin{enumerate} \begin{enumerate}
\item Create a Supervisory Monitor DT (SDT) \item Create a Supervisory Monitor DT (SDT)
\item Use the FI framework to tamper with the output of the SMDT, such that it has incorrect outputs. \item Use the FI framework to tamper with the output of the SMDT, such that it has incorrect outputs.
...@@ -88,6 +106,13 @@ OBSERVE THAT THE ROBOT HITS THE OBSTACLE ...@@ -88,6 +106,13 @@ OBSERVE THAT THE ROBOT HITS THE OBSTACLE
\end{enumerate} \end{enumerate}
\subsubsection{Step 4} \subsubsection{Step 4}
In Figure~\ref{fig:my_label4}.
\begin{figure}
\centering
\resizebox{\textwidth}{!}{\includegraphics{scenarios/updated DR Scenarios.004.jpeg}}
\caption{Safety Scenario 1, step 4}
\label{fig:my_label4}
\end{figure}
\begin{enumerate} \begin{enumerate}
\item Use the FI Framwork to tamper with the output of the RMQFMU, such that it gives wrong location outputs \item Use the FI Framwork to tamper with the output of the RMQFMU, such that it gives wrong location outputs
\item Create a "correctInformationFMU" that gives the correct location \item Create a "correctInformationFMU" that gives the correct location
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment