Closing the Loop: A Simple Distributed Method for Control over Wireless Networks ∗

Miroslav Pajic Shreyas Sundaram Dept. of Electrical & Systems Eng. Dept. of Electrical & Computer Eng. University of Pennsylvania University of Waterloo [email protected] [email protected] Jerome Le Ny George J. Pappas Dept. of Electrical & Systems Eng. Dept. of Electrical & Systems Eng. University of Pennsylvania University of Pennsylvania [email protected] [email protected] Rahul Mangharam Dept. of Electrical & Systems Eng. University of Pennsylvania [email protected]

ABSTRACT Categories and Subject Descriptors We present a distributed scheme used for control over a net- C.2.1 [Computer-Communication Networks]: Network work of wireless nodes. As opposed to traditional networked Architecture and Design—Wireless communication; C.3 [Special- control schemes where the nodes simply route information to purpose and Application-based Systems]: Process con- and from a dedicated controller (perhaps performing some trol systems encoding along the way), our approach, Wireless Control Network (WCN), treats the network itself as the controller. In other words, the computation of the control law is done in General Terms a fully distributed way inside the network. We extend the Algorithms, Design, Theory, Performance, Reliability basic WCN strategy, where at each time-step, each node updates its internal state to be a linear combination of the states of the nodes in its neighborhood. This causes the en- Keywords tire network to behave as a linear dynamical system, with Cooperative control, decentralized control, networked con- sparsity constraints imposed by the . We trol systems, wireless sensor networks demonstrate that with observer style updates, the WCN’s robustness to link failures is substantially improved. Fur- thermore, we show how to design a WCN that can maintain 1. INTRODUCTION stability even in cases of node failures. We also address the Improvements in the capabilities and cost of wireless tech- problem of WCN synthesis with guaranteed optimal perfor- nologies have allowed multi-hop wireless networks to be used mance of the plant, with respect to standard cost functions. as a means of (open-loop) monitoring of large-scale indus- We extend the synthesis procedure to deal with continuous- trial plants [1, 2]. With this technology, sensor measure- time plants and demonstrate how the WCN can be used on a ments of plant variables can be transmitted to controllers, practical, industrial application, using a process-in-the-loop data centers and plant operators without the need for exces- setup with real hardware. sive wiring, thereby yielding gains in efficiency and flexibility for the operator. However, the use of multi-hop wireless net- works in closed-loop feedback control is in its infancy, and is ∗This work has been partially supported by NSF-CNS an active area of research [3, 4]. Wireless Networked Con- 0931239 and NSF-MRI 0923518 grants. It has also been trol Systems (WNCSs) fundamentally differ from standard funded by a grant from the Natural Sciences and Engineer- wired distributed systems in that the dynamics of the net- ing Research Council of Canada (NSERC). work (variable channel capacity, probabilistic connectivity, topological changes, node and link failures) can change the operating points and physical dynamics of the closed-loop system [3, 5]. The most important objective of WNCSs is Permission to make digital or hard copies of all or part of this work for to provide stability of the closed-loop system. An additional personal or classroom use is granted without fee provided that copies are requirement is optimality with respect to some appropriate not made or distributed for profit or commercial advantage and that copies cost function. It is therefore necessary for the network (along bear this notice and the full citation on the first page. To copy otherwise, to with its interfaces to sensors and actuators) to be able to republish, to post on servers or to redistribute to lists, requires prior specific provide some form of guarantee of the control system’s sta- permission and/or a fee. bility in the face of the non-idealities of the wireless links IPSN’12, April 16–20, 2012, Beijing, China. Copyright 2012 ACM 978-1-4503-1227-1/12/04 ...$10.00. and the communication constraints of the wireless network.

25 WCN s1 s1 v1 v2 s1 v1 v2

a1 a1 a1 v5 v5 a2 a2 a2 v4 v3 v4 v3 s2 s2 s2 Plant Controller Plant Plant v6 v6 s3 s3 Controller s3 ...... v9 v9 s v8 v p sp v7 sp v7 8 v am am v 10 a v10 9 m v9

(a) Wired Network Control (b) Wireless Network Controlled System (c) Wireless Control Network

Figure 1: Standard architectures for Networked Control Systems; (a) Wired system with a shared bus and dedicated controller; (b) Red links/nodes - routing data from the plant’s sensors to the controller; Blue links/nodes - routing data from the controller to the plant’s actuators; (c) A multi-hop wireless control network used as a distributed controller.

The most common approach to incorporating WNCSs into order of several seconds to a few minutes and the control the feedback loop is to use it primarily as a communication network is expected to operate at rates of hundreds of mil- medium: the nodes in the network simply route informa- liseconds. While such plants may have as many as 80,000 tion to and from one or more dedicated controllers, which to 110,000 control loops, they are organized in a hierarchal are usually specialized CPUs capable of performing compu- manner such that networks span 10-20 wireless nodes (per tationally expensive procedures (see Fig. 1(b)). The use of gateway) for low-level control [6]. Therefore, in this work dedicated controllers imposes a routing requirement along we focus on the networks with up to a few tens of nodes. one or more fixed paths through the network, which must Furthermore, the networks might be shared among control meet the stability constraints, encapsulated by end-to-end loops (i.e., a node may be involved in several feedback loops), delay requirements [6, 7]. However, this assignment of routes and new feedback loops may be added at run-time. Adding is a static setup, which commonly requires global reorganiza- new communication loops in a standard WNCS could affect tion for changes in the underlying topology, node population the performance of the existing loops, and the system must and wireless link capacities. be analyzed as a whole. Although techniques have been de- Routing couples the communication, computation and con- veloped for compositional analysis of WNCS (e.g., [4]), their trol problems [4, 8, 9]. Therefore, when a new route is re- complexity limits their use in these applications. Therefore, quired due to topological changes, the computation and con- it is necessary to derive a composable control scheme, where trol configurations must also be recalculated. Merely insert- control loops can be easily added and a simple compositional ing a WNCS into the standard network architecture “sensor analysis can be performed at run-time, to ensure that one → channel → controller/estimator → channel → actuator” loop does not affect performance of other loops. requires the addition of significant software support [7, 10], Finally, with the use of asynchronous event triggered net- as the overhead of completely recomputing the computa- work substrates, it is difficult to design, model and analyze tion and control configurations, due to topological changes control networks and also hard, if not impossible, to ver- or packet drops, is too expensive and does not scale. ify performance of a system that consists of several event- triggered loops. On the other hand, full network synchro- 1.1 Wireless Control Design Challenge nization allows the use of Time-Triggered Architectures (TTAs) It should be noted that providing closed-loop stability where communication and computation are scheduled at and performance guarantees for wireless control networks particular instances of time (i.e., time slots) [11]. This sim- is a challenging problem. On one hand, the control sys- plifies modeling of the closed-loop system, which now con- tems community typically abstracts away the systems de- sists of continuous-time physical dynamics and a communi- tails and solves the problem for semi-idealized networks with cation network. With TTA, the closed-loop system can be approximated noise distributions and link perturbations [3, modeled as a switched control system [4], allowing the use 5]. While this approach provides mathematical certainty of existing techniques for switched-system analysis. There- of the properties of the network, it fails to provide a sys- fore, when communication and computation schedules are tematic path to real-world network design. On the other derived, it is possible to determine if the closed-loop system hand, the network systems community uses hardware and is stable (i.e., asymptotically stable or mean square stable) software approaches to address open-loop issues, but these for channel errors, with and/or without permanent link or fail to provide any guarantees to maintaining stability and node failures. performance of closed-loop control. We propose a control scheme over wireless networks that provides closed-loop sta- 1.2 Contributions bility or optimality with respect to standard metrics, while In this effort, we build on the work from [12], in which maintaining ease of implementation in real-world networks. we introduced the Wireless Control Network (WCN), a fun- The applications of interest in this work are industrial damentally new concept where the network itself acts as process control systems (such as natural gas refineries and the controller. We proposed a basic scheme that can be paper pulp manufacturing plants) and building automation used to guarantee closed-loop system stability. We hence- systems. In general, the plant time-constants are on the forth refer to this as the “basic WCN”. Our contribution

26 is focused specifically on four major extensions to the basic invariant model of the form:1 WCN, making it optimal, more robust and practical: x[k + 1] = Ax[k] + Bu[k] + Bwuw[k] 1.) While the basic WCN in [12] provided closed-loop sta- (1) y[k] = Cx[k], bility, the key issue of optimality was not investigated. We n p present here a method to extract an optimal WCN configu- where x ∈ R and y ∈ R denote the plant’s state and m ration, thus providing a greater incentive to adopt WCN in output, u ∈ R is the plant’s (controllable) input, and uw ∈ m 2 industrial control applications. R w is the disturbance input. Accordingly, the matrices 2.) The basic WCN was able to provide stable network con- A, B, Bw, C have suitable dimensions. figurations for a large class of wireless network topologies. Standard dynamical feedback controllers collect the ob- However, it was highly susceptible to packet drops greater served plant outputs y[k] and generate the control input than 1%. In this work, we present significant robustness im- u[k] as the output of a linear system of the form: provements, maintaining stability for packet drop rates up xc[k + 1] = Acx [k] + Bcy[k] to 20% for a specific network topology and plant. This c (2) bridges the gap between the basic WCN and the theoretical u[k] = Ccxc[k] + Dcy[k]. upper bound of robustness to packet drops [13]. The vector xc[k] denotes the state of the controller, and 3.) Furthermore, we propose a method to extract WCN the matrices Ac, Bc, Cc and Dc are designed using standard configurations that maintain stability of the closed-loop sys- tools from control theory, to ensure that the control inputs tem even in presence of node failures. are stabilizing. Depending on the control method used, the 4.) Finally, we illustrate the use of the improved WCN in state of the controller can often be as large as the state of an industrial process control case study. Using a process- the system itself. in-the-loop test-bed we demonstrate its ability to optimally In the above traditional approach to controller design, a control continuous-time physical processes, and to maintain wireless network would simply be placed between the con- system stability under the presence of node and link failures. troller and the plant to carry information back and forth. In this paper, we consider scenarios where the network The goal of our work is to derive a truly networked and topology is already set, and we present algorithms to config- fully distributed control scheme, where the collective compu- ure the WCN to guarantee stability (optimality) for the pre- tation and communication capabilities of the wireless nodes defined topology. In [14] we have investigated a dual prob- are fully leveraged to compute the control inputs in-network. lem, how to synthesize the network so that a stable WCN Intuitively, we propose a simple scheme for each node in the configuration exists. The topological conditions from [14], network to follow (using only information from its nearest along with the results from this work allow for an integrated neighbors at each time-step) that results in the desired net- decentralized wireless control network design framework. work behavior. Essentially, we would like each wireless node to act as a small dynamical controller, with two main dif- 1.3 Organization of the Paper ferences: (i) the state of the controller at each node will The rest of the paper is organized as follows: Sec. 2 de- be constrained to be rather small (in order to account for scribes the concept of the WCN. In Sec. 3 we present a resource and computational constraints), and (ii) in its up- method used to extract optimal WCN configurations. Sec. 4 dates, each node only uses the states of its nearest neigh- and 5 extend the WCN scheme to improve its robustness to bors (which could include the plant’s outputs, if the node is link and node failures. Sec. 6 describes an approach to em- within transmission range of the outputs). Note that the lat- ploy WCN for control of continuous-time process. Finally, in ter condition precludes the need to route information from Sec. 7 we show how the WCN can be used in an industrial, the plant to each controller in order for it to perform its process control application. update. In the rest of this section, we will make these con- ditions more mathematically precise. 1.4 Notation 2.2 Model of the Wireless Control Network We use IN to denote the N × N identity matrix, while I To model the WCN we consider the basic WCN setup from denotes the identity matrix of appropriate dimensions. The Fig. 1(c), where the plant is to be controlled using a multi- notation diag (·) indicates a square matrix with the quan- hop, fully synchronized wireless network with N nodes. In tities inside the brackets on the diagonal, and zeros else- this paper, we extend the proposed scheme to allow for the where. For a√ vector x, kxk denotes the Euclidean norm design of a WCN that applies inputs in an ‘optimal’ manner (i.e., kxk = xT x). Finally, A 0( 0) indicates that (according to a cost function that we will define later). The matrix A is positive (semi)definite. plant model is given by (1), where the output vector y[k] contains the plant’s output measurements provided by the sensors s1, . . . , sp, while the input vector u[k] corresponds to 2. WIRELESS CONTROL NETWORKS the signals applied to the plant by actuators a1, . . . , am. The wireless network is described by a graph G = {V, E}, where 2.1 An Intuitive Overview of the WCN V = {v1, v2, . . . , vN } is the set of N nodes and E ⊆ V × V represents the radio connectivity (communication topology) The role of feedback control is to apply inputs to the plant in the network (i.e., edge (v , v ) ∈ E, if node v can receive (based on observed outputs) in order to elicit the desired j i i information directly from node v ). behavior. The exact mapping between observed behavior j and applied inputs depends on a mathematical model of the 1In Section 6 we will show how continuous-time plants can plant, describing how inputs affect the system (over time). be cast in this framework using discretization. Here, we start with a common discrete-time, linear time- 2We do not have any control over the disturbances.

27 z2 v2 z z2 v2 z2 v2 z2 v2 z 5 z 5 5 z5 v5 z3 v5 z3 v5 z3 v z z4 z4 z4 5 z4 3 v4 v3 v4 v3 v4 v3 v4 v3

v6 v6 v6 v6

z6 z6 z6 z6

v8 z8 v8 z8 v8 z8 v8 z8

ABCDEFFBB ACv4 BEF ACv5 BEF ACv2 BEF z v z v 2 2 2 2 z2 v2 ABCDEFBEB z5 z5 z5

v5 z z3 v5 z z3 v5 z3 4 4 z4 v4 v3 v4 v3 v4 v3 v v6 v6 v6 4 informed about its neighbors states z6 z6 z6 z8 z v updates its state v8 v8 8 v8 z8 4

ACv8 BEF ACv6 BEF ACv3 BEF ACEFBFE

Figure 2: An illustration of the WCN scheme for a simple network.

As mentioned earlier, our scheme views each node vi as the weights wii and wij play the role of Ac and the columns a (small) linear dynamical controller, with (possibly vector) of Bc, respectively. state zi. Each node updates the state of its controller as a To enable interaction between the network and the plant, linear combination of the states of its neighbors and its own each actuator ai applies input ui[k], which is computed as state. The state update for node vi can also include a linear a linear combination of states from the nodes in the neigh- combination of the plant outputs from all plant sensors in borhood of the actuator: vi’s neighborhood. X u [k] = g z [k]. (4) For example, consider the network presented in Fig. 2, i ij j j where at the beginning of a time frame each node has an ∈Nai initial state value denoted by zi (Fig. 2(a)). If each node Once again, note the resemblance of this applied input to maintains a scalar state, the size of the state is just 2 bytes.3 the input applied by a standard controller of the form (2). In the first time slot of a frame (Fig. 2(b)) node v4 transmits Therefore, the behavior of each node in the network is de- its state, and in the second slot node v5 transmits the state, termined by values wij , hij and gij . Aggregating the state th etc. Finally, in the 6 slot node v3 is the last node in the values of all nodes at time step k into the value vector z[k], frame to transmit its state (Fig. 2(g)). This results in a we see that the above individual controllers at each node communication schedule as depicted in Fig. 2(h). After slot collectively cause the entire network to act as a dynamical 6, node v4 is informed about all its neighbors’ states, which controller of the form: enables it to update its state by activating the WCN task.  w11 w12 ··· w1N  The task has to compute the updated state value before the w w ··· w  21 22 2N  node is scheduled for transmission in the next frame. z[k + 1] =  . . . .  z[k]+ th  . . .. .  In the general case, if zi[k] denotes the i node’s state . . . at time step (i.e., communication frame) k, the runtime wN1 wN2 ··· wNN | {z } update procedure is: W X X  h11 h12 ··· h1p  z [k + 1] = w z [k] + w z [k] + h y [k], (3) i ii i ij j ij j h21 h22 ··· h2p v s   j vi j vi +  . . . .  y[k] ∈N ∈N  . . .. .  where the neighborhood of a v is represented as Nv hN1 hN2 ··· hNp and yj [k] is the measurement provided by sensor sj . We will | {z } H model the resource constraints of each node in the network by limiting the size of the state vector that can be main- = Wz[k] + Hy[k] , 4 tained by each node. Note the similarity of the update (3)  g11 g12 ··· g1N  g g ··· g to the state update equation for traditional dynamical con-  21 22 2N  u[k] =  . . . .  z[k] = Gz[k] trollers of the form (2); the state zi[k] plays the role of xc[k],  . . .. .  3 gm1 gm2 ··· gmN Given that standard analog-to-digital converters have a | {z } precision of 12-16 bits, two bytes suffice for scalar values. G 4To present our results, we will focus on the case where each for all k ∈ . Since for all i ∈ {1,...,N}, w = 0 if node’s state is a scalar. The general case, where each het- N ij erogeneous node can maintain a vector state with possibly vj ∈/ Nvi , hij = 0 if sj ∈/ Nvi , and gij = 0 if vj ∈/ Nai different dimensions, can be treated with a natural extension the matrices W, H and G are structured, with sparsity con- of our approach (e.g., see [12]). straints determined by the network topology at design time.

28 Throughout the rest of the paper, we will define Ψ to be the ule, which significantly simplifies closed-loop system design N N N p m N set of all tuples (W, H, G) ∈ R × × R × × R × satis- and enables compositional design and analysis. As long as fying the aforementioned sparsity constraints. Denoting the each node can send additional states in a single transmis- overall system state (plant’s state and states of all nodes sion packet, and schedule computation of additional linear in the network) by xˆ[k] = x[k]T z[k]T T , the closed-loop procedures, adding a new control loop will not affect the system evolves as: performance of the existing control loops. For example, con- sider IEEE 802.14.5 networks that have the maximal packet       A BG x[k] Bw size of 128 bytes. If each plant is controlled using the WCN xˆ[k + 1] = + uw HC W z[k] 0 scheme where all nodes maintain a scalar 16 bit state value, | {z } | {z } | {z } (5) then up to 64 plants can be controlled in parallel. ˆ xˆ[k] ˆ A B In this paper, we provide an enhanced WCN scheme that ˆ ˆ = Axˆ[k] + Buw[k]. maintains all of these desirable properties, and further in- corporates optimality and robustness metrics into the basic To use the WCN runtime scheme it is essential to deter- scheme. mine an appropriate set of link weights (wij , hij and gij ) at design-time, so that the closed loop system is asymptoti- 5 2.2.2 Synchronization Requirements cally stable. When there are no disturbances (i.e., uw[k] ≡ 0), an initial procedure was proposed for the basic WCN For the network sizes considered here, it is necessary to use that guarantees that the closed-loop system is stable, or either hardware-based out-of-band synchronization or some Mean Square Stable (MSS) if the communication links are of the built-in synchronization protocols that guarantee low unreliable.6 synchronization error between neighboring nodes (e.g., the approach described in [17] guarantees that the maximal syn- 2.2.1 Advantages of the WCN chronization error between neighboring nodes is less than 1 µs). Even for 10 µs synchronization error between neigh- The WCN introduces very low communication and com- boring nodes, for large scale networks with the network di- putation overhead. The linear iterative runtime procedure (3) ameter less than 100 nodes, maximal synchronization error is computationally very inexpensive as each node only com- between nodes is less than 1ms, which is significantly smaller putes a linear combination of its value and values of its than standard sampling rates of the plant when WCN is neighbors. This makes it suitable for resource constrained, used. For example, if communication frames that consist of low-power wireless nodes (e.g., Tmote). Furthermore, the 16 slots are used, where each slot is 10 ms wide, the sam- communication overhead is also very small, as each node pling period of the plant equals to 160 ms. In this case, needs to transmit only its own state once per frame. In synchronization errors would take less than 1% of the sam- the case when a node maintains a scalar state it transmits pling period. We employ a synchronized network and use only 2 bytes in each message, making it suitable to combine the RT-Link [18] time synchronized protocol in our evalua- this scheme with periodic message transmissions in existing tion. Time synchronized network protocols are the norm in wireless systems. the control automation industry, and two recent standards, Another key benefit is that the WCN can easily handle WirelessHART[1] and ISA 100.11a [19] utilize a time divi- plants with multiple geographically distributed sensors and sion multiplexing link protocol. actuators, a case that is not easily handled by the “sensor → channel → controller/estimator → channel → actuator” setup commonly adopted in networked control design. The 3. SYNTHESIS OF AN OPTIMAL WCN existence of a centralized controller might impose a require- In this section we present a design-time method to deter- ment that the sampling time of the plant is greater than mine a WCN configuration (i.e., link weights for a network or equal to the sum of communication delays, from sensors with predefined topology) that minimizes effects of the dis- to the controller and from the controller to the actuator, turbances acting on the system. More specifically, consider along with the time required for the computation of the con- the model of the closed-loop system from (5), and assume trol algorithm. The WCN does not rely on the existence of that we want to minimize the influence of the disturbance ˆ ˆ centralized controllers, and inherently captures the case of input uw on the vector yˆ = Cxˆ[k], for some matrix C. For nodes exchanging values with the plant at various points in example, if we would like to focus on minimizing the effects the network. Therefore, when the WCN is used, the network on the plant’s state x, we would define Cˆ =  I 0 . Thus, diameter does not affect the sampling period of the plant. we can consider the vector yˆ as the ‘output’ of the system: Finally, the WCN utilizes a simple transmission schedule ˆ ˆ where each node is active only once during a TDMA cycle xˆ[k + 1] = Axˆ[k] + Buw[k] (6) and the control-loop does not impose end-to-end delay re- yˆ = Cˆ xˆ[k]. quirements. This allows the network operator to decouple the computation schedule from the communication sched- To determine the effect of the disturbance on the system’s outputs, it is necessary to define a unit of measure to capture 5 A linear system x[k +1] = Ax[k] is asymptotically stable if the ‘size’ of discrete-time signals. We will use the norms: for any x[0], limk x[k] = 0. This is equivalent to saying 1/2 →∞ P 2 that all eigenvalues of A have magnitude less than 1. kvk`2 , k∞=0 kv[k]k and kvk`∞ , supk 0 kv[k]k. 6 Furthermore, the notion of a system gain is introduced≥ to The system x[k + 1] = Aθ(k)x[k], where subscript θ(k) describes time-variations caused by (probabilistic) drops of classify the worst-case system response to limited energy in- communication packets, is mean-square stable if for any ini- put disturbances.  2 tial state (x[0], θ(0)), limk E kx[k]k = 0, where the expectation is with respect→∞ to the probability distribution of Definition 1 ([20]). System gains for the discrete-time the packet drop sequence θ(k) [15, 16]. system (6) are defined as:

29 Algorithm 1 Design-time procedure used to extract op- • Energy-to-Peak Gain: γep = sup u 1 kyˆk`∞ k wk`2 ≤ timal WCN configuration • Energy-to-Energy Gain: γ = sup kyˆk ee uw ` 1 `2 k k 2 ≤ 1. Set  > 0, k = 0. Find a feasible point X0, Y0, Υ0 0, ˆ A(W0, H0, G0), such that R(X0, Z, Υ0, Y0) 0, X0  We will require the following result from [21]. 1 Y0− and (W0, H0, G0) ∈ Ψ. If a feasible point does not Theorem 1. Suppose that the system (6) is asymptoti- exist, it is not possible to stabilize the system with this cally stable and consider any nonnegative γ ∈ R. network topology. (a) γep < γ if and only if there exist matrices X 0, Υ  0 and Z such that Υ ≺ γI and 2. At iteration k (k ≥ 0), from Xk obtain the matrix Xk+1 and scalar γ by solving the LMI problem  XZ Aˆ Bˆ  k+1 T Z Υ Cˆ 0 Xk+1 = arg min γk+1 (9) 1   , ,Υ,W,H,G,γ R(X , Z, Υ, X − ) =  T T 1  0 (7) X Z k+1 Aˆ Cˆ X − 0   1 Bˆ T 0 0 I R(X , Z, Υ, LIN(X − , Xk)) 0, (10) Υ ≺ γk+1I, (11) (b) γee < γ if and only if there exists matrices X 0, Υ  0 such that Υ ≺ γ2I and (7) holds for Z = 0. (W, H, G) ∈ Ψ, X 0, Υ  0 (12) if γee is being optimized, add the constraint Z = 0. Only the matrix Aˆ contains the WCN parameters, aggre- gated in the structured matrices W, G, H (from (5)). Our 3. If γk+1 <  stop the algorithm. Otherwise, set k = k+1 goal is to determine matrices W, G, H that satisfy the im- and go to the step 2. posed structural constraints, along with matrices X , Z, Υ, for which the value γ is minimized. The constraint (7) is linear with respect to all variables, asymptotic stability is typically relaxed to settle for mean 1 except the matrix X (due to the presence of the term X − ). square stability (MSS), where the expected value of the norm This term causes the problem of solving the matrix inequal- of the state stays bounded. For the basic WCN, we proposed ity to be non-convex. To ameliorate this issue and efficiently a design-time procedure that can be used to extract a stabi- 1 solve the optimization problem, we linearize the X − term. lizing configuration that guarantees MSS despite unreliable 1 As shown in [21], the Taylor series expansion of X − ‘around’ communication links [12]. For example, consider the system any matrix Xk is from Fig. 3 with a scalar plant, where α = 2 (the plant is 1 1 1 1 unstable), and assume that the link between node v2 and LIN(X − , X ) = X − − X − (X − X )X − . (8) k k k k k the actuator is reliable (i.e., never drops packets). The ba- With the above linearization we obtain a linear matrix sic WCN scheme, where each node maintains a scalar state, inequality (LMI) for the constraint 7. As in [21, 22], we guarantees that the closed-loop system is MSS for probabil- can now define an iterative algorithm to minimize γ, while ities of packet drops ≤ 1.18%. ensuring that the constraint from (7) is satisfied. This is To place this result in context, it is worth comparing it 1 1 achieved by replacing the term X − with LIN(X − , Xk) with the theoretical limit of robustness in lossy networks in each iteration, which results in Algorithm 1. Note that from [13]. The work in [13] considers a system with a plant Aˆ (W, H, G) denotes the matrix Aˆ obtained from matrices controlled by a centralized controller, which is connected to W, H, G as defined in (5). Finally, for γ obtained from the plant using a single wireless link between a sensor and √ Algorithm 1, γ should be used if we had optimized for γee. the controller. In addition, the controller is connected to Consider the sequence {γk}k 0 obtained from Algorithm 1. the actuators with a set of wired connections. It was shown As shown in [21], the linearization≥ from (8) guarantees that that for this setup, the system can not be stabilized with a for each k ≥ 0, in step k + 1 there exists a feasible matrix linear controller for probability of message drops p greater than 1 , where |λ | denotes the maximal norm of in an open neighborhood of the point Xk for which there λ 2 max | max| exists γ, such that γ ≤ γk. Since γk+1 is the minimum in the plant’s eigenvalues (i.e., eigenvalues of A from (1)). For that iteration, it follows that γk+1 ≤ γ. Thus, the sequence the plant from Fig. 3, this would mean that a centralized {γk}k 0 is non-increasing and bounded (γk ≥ 0), mean- controller in the aforementioned setup cannot provide MSS ≥ ing that it will always converge. Since we are optimizing of the plant if the probability of message drops is higher than a convex function over a non-convex set, by linearizing the 25% (since α = 2). This value is significantly larger than the constraints we might obtain a sub-optimal WCN configura- 1.18% value obtained when the basic WCN scheme is used. tion. The final result and the convergence rate depend on We now show how the basic WCN formulation presented the initial point (from Step 1. of the algorithm). Finally, in (3), (4) can be modified to significantly improve tolerance the smallest  for which we can find an optimal controller to packet drops. can be obtained using bisection on the parameter . u[k] x[k+1]= αx[k]+ u[k], y[k] 4. ROBUSTNESS TO LINK FAILURES y[k]= x[k] We now describe the main limitation of the basic WCN, and extend the WCN scheme to improve its robustness to w21 g h link failures. v2 v1 The unreliability of wireless communication links is one w12 of the main drawbacks when wireless networks are used for control. When communication links in the feedback loop fail Figure 3: An example of the WCN: A plant with a according to a given probability distribution, the notion of scalar state controlled by a WCN.

30 4.1 WCN with Observer Style Updates ri ji ri To improve WCN robustness to independent link failures, ji wji we now allow each node in the network to use different zi ξji zi x weights in each time step, depending on which neighbors’ vi ξ x vj w z ji zi w ji ji i transmissions were successfully received. Thus, we define wji vi ji ji vj the update procedure as: Figure 4: Communication over a non-deterministic X 7 zj [k + 1] =w ˜jj zj [k] + w˜jizi[k], (13) channel; (a) A link between nodes vi and vj ; (b) Link i ∈Nvj transformation into a robust control form. wherew ˜ji = 0 if the message from the node vi was not 8 received, or wji otherwise. More importantly,w ˜jj depends vector r[k] of length Nl (where Nl is the number of links), on a newly introduced set of link weights (qji):w ˜jj = wjj − we obtain: P     i q˜ji. Here,q ˜ji = 0 if the message from the node or y[k] or C 0 vj r[k] = J = J xˆ[k]. (15) ∈N z[k] 0 I vi was not received, and qji (a free parameter that will be N carefully designed) otherwise. | {z } Jˆor To model the WCN that employs the above scheme, we or N (N+p) need to model the links in the network. We utilize the ap- Each row of the matrix J ∈ R l× contains up to two nonzero elements, equal to a gain w , h , g or −q . proach proposed in [16], where each unreliable link ξji = t t t t This allows us to model the behavior of the closed-loop (vi, vj ) (i.e., vi → vj ) can be modeled as a memoryless, dis- crete, independent and identically distributed (IID) random system with unreliable communication. Specifically, the up- date equation for each node v is: process ξji. Here, IID implies that the random variables j 9 X X {ξji[k]}k 0 are IID. For each link, these random processes zj [k + 1] = (wjj − µjiqji)zj [k] + µtwtzi[k] ≥ map each transmitted value t into a received value ξ [k]t i v t=(v ,v ) ji ji ji ∈N j i j (see Fig. 4). X X X With this link model, (13) can be described as: + µthtyi[k] + ∆t[k]rt[k] + ∆t[k]rt[k] t=(s ,v ) t=(v ,v ) t=(s ,v ) X X i j i j i j z [k + 1] = (w − ξ q )z [k] + ξ w z [k], j jj ji ji j ji ji i Similarly, the input value applied by each actuator at time i i ∈Nvj ∈Nvj k is: X X Remark 1. If we consider the case with reliable commu- uj [k] = µtgtzi[k] + ∆t[k]rt[k]. nication links, the update procedure for each node v in the j t=(vi,aj ) t=(vi,aj ) network can be described as: Nl X Finally, denoting ∆[k] = diag({∆t[k]}t=1), the above ex- zj [k + 1] = wjj zj [k] + (wjizi[k] − qjizj [k]), (14) pressions can be written in vector form as: i v ∈N j dst z[k + 1] = Wµz[k] + Hµy[k] + Jv ∆[k]r[k], (16) Since the above equation has the standard observer struc- dst ture [23], we refer to this scheme as the WCN with observer u[k] = Gµz[k] + Ju ∆[k]r[k], (17) style updates (as in [24]). where all elements of matrices Wµ, Hµ and Gµ (except the diagonal entries of Wµ) are of the form µjiwji, µjihji and Following the approach from [16], each link described with µjigji, respectively. The diagonal entries of Wµ are of the a random process ξji can be specified with a fixed gain, P dst dst form wjj − i µjiqji. The binary matrices Jv and Ju corresponding to the mean value of the random variable, and ∈Nvj are designed in a way that each row of the matrices selects the zero-mean random part: ξji = µji +∆ji. For example, if each link (i.e., random process ξ ) is described as a Bernoulli elements of the vector ∆[k]r[k] that are added to the linear ji combinations calculated by the nodes and the actuators. If process with probability pji ≤ 1 (i.e., the link delivers the h dst i dst Ju transmitted message with probability pji), then µji = pji we denote J = dst the overall system with unreliable Jv and ∆ji can have values −pji and 1 − pji, with probabilities links can be modeled as: 1−p and p , respectively. Therefore, the above procedure ji ji  A BG   B 0  becomes: xˆ[k +1] = µ xˆ[k]+ Jdst ∆[k]r[k], X X H CW 0 I z [k + 1] = (w − µ q )z [k] + µ w z [k] µ µ N j jj ji ji j ji ji i | {z } | {z } i i ˆ ˆdst ∈Nvj ∈Nvj Aµ J X (18) + ∆ (w z [k] − q z [k]). ji ji i ji j with r[k] given by (15). Now, using the same approach as i ∈Nvj in [16, 12], the following theorem can be proven.

We define rt[k] := (wjizi[k] − qjizj [k]), for each link t = Theorem 2. The system from (18) is MSS if and only if (vi, vj ). Also, for each link t = (si, vj ) we denote rt[k] := exist matrices X , Y 0 and scalars α1, ..., αNl such that (hjiyi[k] − qjizj [k]). After aggregating all of the rt[k]’s in a  X − Jˆdstdiag{α}(Jˆdst)T Aˆ  7 µ 0 (19) A similar update is introduced for nodes that receive sensor ˆ T values. This part has been omitted for ease of exposition. Aµ Y 8 1 Although these weights are technically time varying (i.e., Y = X − (20) they depend on k), we use this notation for simplicity. 2 ˆor 1 ˆor T 9We will address these assumptions later in this section. αi ≥ σi (J )iY− (J )i , ∀i ∈ {1,...,Nl} (21)

31 u[k] x[k+1]= αx[k]+ u[k], y[k] WCN WCN oW CN oW CN (scalar state) ( 2 state) (scalar state) ( 2 state) y[k]= x[k] R R N = 2 pm = 0.69% pm = 0.72% pm = 1.64% pm = 1.82% N = 3 p = 0.74% p = 0.77% p = 1.66% p = 1.88% where (Jˆor) denotes the ith row of the matrix Jˆor. WCNm WCNm moW CN moW CN i u[k] x[k+1]= αxw21[k]+ u[k], y[k] N = 4 p = 0.77% p = 0.79% p = 1.66% p = 1.88% g (scalarm state) (m 2 state) m(scalar state) m( 2 state) y[k]= x[k] h R R A procedure based on LMIs,v2 with thev1 same structure as N = 2 pm = 0.69% pmTable= 0. I72% pm = 1.64% pm = 1.82% Algorithm 1, can be used in thisw case12 to compute a WCN MNAXIMALMESSAGEDROPPROBABILITYWHICHGUARANTEES= 3 pm = 0.74% pm = 0.77% pm = 1.66% pMSSm = 1.88% w FORTHESYSTEMIN IG α = 2 WITHOUT ANDWITH configuration that guarantees MSS21 of the closed-loop system N = 4 pm = 0.77%F . 5p (m = 0).79% pm(WCN)= 1.66% pm = 1.88% g h OBSERVER STYLE UPDATES O v v ( WCN) with error-proneFigure 5. links. An example The of2 difference WCN, a plant from1 with a Algorithm scalar state controlled 1 is by (a) With allTable links I being unreliable a WCN. that in Step 2, the following problemw12 should be solved: MAXIMALMESSAGEDROPPROBABILITYWHICHGUARANTEES MSS FORTHESYSTEMIN FIG. 5 (α = 2) WITHOUT (WCN) ANDWITH WCNOBSERVERWCN STYLE UPDATES oWO CN oW CN Xk+1 = arg min tr(Υ) 2 ( WCN) 2 Figure 5. An example of, WCN,,Υ,W a, plantH,G or with a scalarN (N state+p) controlled by (scalar state) (R state) (scalar state) (R state) where each row ofX theY matrix J l× (similarly a WCN. R N = 2 pm = 1.18% pm = 1.30% pm = 10.46% pm = 17.82% or 1 ∈ 1 asYJ − LINin the(X ‘basic’− , Xk) WCN)≺ Υ, containsX  Y one− or two nonzero N = 3 pm = 1.32% pm = 1.46% pm = 11.24% pm = 17.88% 4 WCN WCN oW CN oW CN such thatelements, the constraints equal to a from gain w (19),(21),(12)t, ht, gt or qt are. valid, N = 4 pm = 1.41% pm = 1.54% pm = 11.46% pm = 17.88% − (scalar state) oW( 2 CNstate) oW(scalar CN state) oW( CN2 state) This approach has enabled theor use ofNl similar(N+p) method as R R where each row of the matrix J R × (similarly N = 2 p = 1.18% ( p3 state)= 1.30% ( p4 state)= 10.46% ( 5p state)= 17.82% or ∈ m Rm R m R m as forJ thein ‘basic’ the ‘basic’ WCN WCN) to model contains the behavior one or of two the nonzero closed- N = 2 p = 20.40% p = 20.48% p = 20.64% where tr(A) denotes the trace of the matrix A. Note that N = 3 pm = 1.32% pmm = 1.46% mpm = 11.24% mpm = 17.88% loop system. Specifically, the update equation4 for each node N = 4 p = 1.41% p = 1.54% p = 11.46% p = 17.88% elements, equal to a gain wt, ht, gt or qt. m mTable II m m the above algorithm adds only one additional− LMI constraint (b) With a reliable link between the node v2 and actuator vj is: AXIMALMESSAGEDROPPROBABILITYWHICHGUARANTEESoW CN oW CN oW CN This approach has enabled the use of similar method as M 3 4 MSS5 for each link in the network. FORTHESYSTEMIN FIG. 5 ((αR=state) 2) WITHRELIABLELINKBETWEEN(R state) (R state) forzj the[k + ‘basic’ 1] = (wjj WCN toµ modelij qji)zj the[k] + behavior ofµtw thetzi[k closed-] − NNODE= 2 v1 AND ACTUATOR (pOBSERVERm = 20.40% STYLEp UPDATESm = 20.-48%OWCN)pm = 20.64% i t=Ω(v ,v ) Figure 5: Maximal probabilities of link failures for 4.1.1loop Validity system. of Specifically, the Assumptions∈NXvj the update equationXi j for each node which the closed-loop systemTable II from Fig. 3 (α = 2) Whilevj developingis:+ theµth modeltyi[k] + of the WCN∆t[k]rt from[k] + (16), we∆t[k]rt[k]. is MSS,MAXIMALMESSAGEDROPPROBABILITYWHICHGUARANTEES when controlled without (WCN) andMSS with t=Ω(si,vj ) t=Ω(vi,vj ) t=Ω(si,vj ) FORTHESYSTEMIN FIG. 5 (α = 2) WITHRELIABLELINKBETWEEN have assumedzj [k + 1] that =X (w alljj links inµij theqji)Xz networkj [k] + are memorylessµtwXtzi[k] − observerNODE v1 styleAND ACTUATOR updates( OBSERVER (oWCN). STYLE UPDATES - OWCN) and independent. Memorylessi v channels cant=Ω(v be,v obtained) if Also, the input value∈NXj applied by eachX actuatori j at time k is: bisection method described in [2], we extracted the maximal channel hopping is used at the network layer [25]. How- probabilities of message drops (p ) for which there exists + µthtyi[k] + ∆t[k]rt[k] + ∆t[k]rt[k]. m ever, the physicaluj[k] placement = ofµtg thetzi[k nodes] + might∆ introducet[k]rt[k]. the probability of link failures is more than 20% (compared t=Ω(si,vj ) t=Ω(vi,vj ) t=Ω(si,vj ) a stabilizing configuration that guarantees MSS. We consid- X t=Ω(v ,a ) X t=Ω(v ,a ) X to 1.5% for the basic WCN). Similarly, going back to the correlation between someX ofi j the network links.Xi j ered two scenarios: In the first scenario, we have compared If theseAlso, IID the assumptions input value are applied not valid by each (or actuator too simplistic), at time k is: discussionbisection frommethod the described beginning in [2],of the we section, extracted we the have maximal shown Finally, denoting with ∆[k] = diag( ∆ [k] Nl ), the the performance of the initial WCN with that of the WCN we must model correlation between links along{ witht } moret=1 inprobabilities this simple ofexample message that drops the ( WCNpm) for performance which there is exists much aboveu [k] expressions = canµ beg z written[k] + in vector∆ form[k] as:r [k]. with observer style updates (denoted oWCN). We considered complex linkj failures (such ast thoset i induced by at Markovt closerthea stabilizing network to that where configurationof the the optimal link that between centralized guarantees plant controllers output MSS. andWe consid- node used for t=Ω(vi,aj ) t=Ω(vi,adstj ) controlered two over scenarios: wireless In links the first (guaranteeing scenario, we MSS have with compared up to process). In thesez[k + cases, 1]X = W anµz approach[k] + Hµy[ similark]X + Jv to∆[ [15]k]r[k can], v1 is also unreliable. The results are presented in Table I. be used, which would result in an exponentialdst numberNl of 25%the packet performance drops). of the initial WCN with that of the WCN Finally, denotingu[k] = G withz[k]∆ + [Jk]∆ =[kdiag]r[k(], ∆t[k] ), the In addition, we have investigated the case where the link additional constraints introducedµ tou deal with{ link failures}t=1 withUsing observer the observer style updates style updates, (denoted oWCN).similar significantly We considered im- above expressions can be written in vector form as: between the plant’s sensor and node v1 is reliable (without (comparedwhere to the all elements linear number of matrices of additionalWµ, Hµ and constraintsGµ (except the provedanythe networkpacket results drops). where were The obtained the results link between for are the presented more plant complex inoutput Table and II.examplesAs node dst from [12], including larger plants with multiple inputs and introduceddiagonal underz[k +entries the 1] = IIDW of µ assumptionWz[µk)] + areH definedµy[ ofk] + independent asJ inv [1].∆[k The]r[k anddiagonal], canv1 is be also noticed, unreliable. the proposed The results scheme aresignificantly presentedimproves in Table I. entries of W are of the formdst w µ q . The outputs, controlled by a mesh network with 9 nodes. memoryless channels).µ Except for very largejj scalei v systems,ij ji systemIn addition, robustness we have to link investigated failures. For the example, case where the theWCN link u[k] = Gµz[k] + Ju ∆[k]r−[k], ∈N j the observer style update proceduredst is practicaldst as the com- between the plant’s sensor and node v is reliable (without binary (0, 1) matrices Jv and Ju areP also defined as in with observer style updates can guarantee1 MSS for the putationwhere of[1], WCN [2],all elements where configurations each ofmatrices row of(W the,WH matricesµ, G, H)µ isand only selectsG requiredµ elements(except the of 5.systemany ROBUSTNESS packet from drops). Fig. 5 even The when results TO the NODE are probability presented FAILURES of in link Table failures II. As at designdiagonal time.the vector entries∆[k] ofr[kW] thatµ) are are definedadded to as the in linear [1]. The combinations diagonal iscanThe more be stability noticed, than 20.5% of the the proposed (compared closed-loop scheme to initial system,significantly 1.5%). describedimproves by (5), entries of W are of the form w µ q . The calculated byµ the nodes and thejj actuators.i v Therefore,ij ji a cansystem be affected robustness by node to link crash failures. failures For (i.e., example, nodes the that WCN stop 4.1.2 Evaluation − ∈N j binaryprocedure (0, 1) based matrices onJ LMIsdst and (similarJdst are to the also previously defined as de- in workingB.with Robustness observer and drop to style Node out updates of Failures the network). can guarantee Currently, MSS for we the have We evaluated the performancev of the proposedu P scheme by [1],scribed) [2], where can beeach used row in of this the case matrices to compute selects a elements stabilizing of consideredsystemThe stability from two Fig. approachesof 5 the even closed-loop when to the deal system, probability with described the of node link by failures failures. Eq. modeling all links as independent Bernoulli processes. To theconfiguration vector ∆[k]r for[k] thethat WCN, are added which to the guarantees linear combinations MSS of the One(4),is more obvious canbe than affected method 20.5% by (comparedto node deal crash with to failuresup initial to k 1.5%). (nodesnode failures that stop is to analyze robustness of the WCN with observer style updates, Pk N closed-loop system. precomputeworking and at drop the outdesign-time of the network). a set of Currently,Nk = we have dif- we firstcalculated analyzed bythe the performance nodes and of the WCNs actuators. with Therefore,N ≥ 2 a j=0 j procedure1) Evaluation: based onTo LMIs analyze (similar robustness to the of previously the WCN with de- ferentconsideredB. Robustness stabilizing two to approaches configurations Node Failures to deal (W with, H node, G) thatfailures. correspond One nodes thatobserver create style a complete updates we graph. analyzed The the WCN performance is used of a for controlscribed) of a can single-state be used in plant this case shown to compute in Fig. 3a stabilizing (with toobvious allThe possible stability method choices of to the deal of closed-loopk withor fewer up to system, failedk node nodes. described failures In this isby to Eq. case, WCN with N 2 nodes that create a complete graph. k N eachprecompute node would a set need of Nk to= maintainj=0 Nkdifferentdifferent stabilizing sets of link α > 1).configuration Node v1 receives for the≥ WCN, the plant which output guaranteesy[k] MSS = x[k of] the (4), can be affected by node crashj failures (nodes that stop The WCN used for control of a single-state plant shown weightsconfigurations for all its(W incoming, H, G), that links. correspond For example, to all if possible each node at eachclosed-loop time-step k system., and the input to the plant is derived working and drop out of theP network).  Currently, we have in Fig. 5 (with α > 1). Node v1 receives the plant output inchoices the WCN of k maintainsor fewer failed a scalar nodes. state, In this a node case witheach noded neigh- as a scaled1) version Evaluation: of theTo transmission analyze robustness of the nodeof thev WCN2 (i.e., with considered two approaches to deal with node failures. One y[k] = x[k] at each time-step k, and the input to the plant borswould would need have to maintain to maintainNk different on the order sets of of linkd · N weightsk different u[k] = gzobserver2[k] for style a scalar updatesg). we Using analyzed the bisection the performance method of a obvious method to deal with up to k node failures is to is taken to be a scaled version of the transmission of the scalarfor all weights. its incoming The switching links (e.g., betweenk if eachN the node precomputed in the WCN sta- from [15],WCN we extracted with N the2 maximalnodes that probabilities create a complete of message graph. precompute a set of Nk = different stabilizing node v2 (i.e., u≥[k] = gz2[k], for some scalar g). Using the bilizingmaintains configurations a scalar state, could a node be withj done=0d neighborsj either by would implementing have drops (pThem) for WCN which used there for exists control a ofstabilizing a single-state configuration plant shown configurations (W, H, G), that correspond to all possible 4 theto detection maintain d algorithmNf different from scalarP [26], orweights). by having The the switching neighbors that ensuresin Fig.It MSS. is 5 worth (with notingα > here1). that Node the onlyv1 differencereceives from the the plant ‘basic’ output WCN · ofbetweenchoices failed nodes ofthek precomputedor broadcast fewer failed thestabilizing news nodes. of configurations In the this failures case couldeach throughout nodebe We consideredy[kcase] = isx that[k two] previouslyat scenarios: each there time-step was In only thek one, first and nonzero scenario, the elementinput we to in eachhave the rowplant of N the matrix Jor. thedonewould network, either need by which to implementing maintain will promptk thedifferent detection all nodes sets algorithmof to link switch weights from to the comparedis taken the performance to be a scaled ofthe version basic of WCN the transmission with that of the for all its incoming links (e.g., if each node in the WCN the WCN with observer style updates (denoted oWCN). We appropriate choice of (W, H, G). node v2 (i.e., u[k] = gz2[k], for some scalar g). Using the maintains a scalar state, a node with d neighbors would have analyzed networks where all the links are unreliable, de- A more sophisticated method for dealing with the node failuresto maintain wouldd beNf todifferent design scalarthe WCN weights). in a The way switching that even scribed with4It is the worth same noting probability here that the of only packet difference drops fromp the(includ- ‘basic’ WCN · between the precomputed stabilizing configurations could be ing the linkscase is between that previously the thereplant was and only the one network nonzero element nodes). in each The row of if some of the nodes fail, the closed-loop system remains the matrix Jor. stable.done either For simplicity, by implementing consider the a detectionWCN that algorithm can deal from with results are presented in Fig. 5(a). In addition, we have in- ˆ a single node failure. Let us denote with Ai the matrix Aˆ vestigated the case where the link between node v2 and the plant’s actuator is reliable (without any packet drops). The from (5) in the case when node i dies. This is equivalent to setting to zero the ith row of matrices W and H, along with results are shown in Fig. 5(b). As can be observed, the pro- th posed scheme significantly improves system robustness to the i column of W and G:  i  link failures. For example, the WCN with observer style up- ˆ A BGIN Ai , i i i , i = 1,...,N, (22) dates guarantees MSS for the system from Fig. 3 even when IN HC IN WIN

32 i Sample Here, IN denotes N × N diagonal matrix, with all ones on Sample the diagonal except at the ith position. A sufficient condition Actuate a) Actuate for system stability in this case is that there exists a positive definite matrix X (and, thus, a common Lyapunov function h T ˆ T ˆ ... h ...

V (ˆx) = ˆx X ˆx) such that X − A X A 0 and Slot0 Slot1 Slot0 Slot1 Slot τ Slot τ ˆ T ˆ X − Ai X Ai 0, i = 1, 2,...N. (23) T b) Therefore, the procedure from the previous section with ad- u(t) ditional N LMI constraints, can be used to extract a stabi- u[k] u[k+1] lizing configuration that can deal with a single node failure. u[k-1] However, in this case it is necessary to design the network in t a way that guarantees that such a stabilizing configuration kT (k+1)T exists. Initial results on these topological conditions have c) been presented in [14]. u(t) u[k] u[k+1]

6. CONTROL OF CONTINUOUS-TIME t PLANTS kT kT+τ (k+1)T Optimal and stabilizing WCN configurations can be ob- tained using algorithms developed from the closed-loop sys- Figure 6: (a) Scheduling sampling/actuation at the tem model (5) that contains a discrete-time model of the start of the slots; (b) Timing diagram for the first plant (1). However, a similar framework can be used for con- type of plant inputs; (c) Plant inputs when actuators trol of continuous-time plants by discretizing the controlled reset the inputs at the beginning of the frames. plant, while taking into account a subtle delay introduced by the communication schedule. To illustrate this, consider where x[k] = x(kT ), k ≥ 0 and a standard continuous-time plant model: Z T τ Z T AcT − Acδ Acδ x˙ (t) = Acx(t) + Bcu(t) A = e , B = e Bcdδ, B− = e Bcdδ. (24) 0 T τ − y(t) = Ccx(t), (27)

n p m When the communication schedule is extracted and the net- with input x(t) ∈ R , output y(t) ∈ R , u(t) ∈ R and 10 work is configured, the matrices A, B and B− obtain fixed- matrices Ac, Bc, Cc of the appropriate dimensions. We values that depend on the continuous-time plant dynamics, denote the sampling period of the plant by T , and we assume communication frame size T (i.e., the sampling period of that all sensors sample the plant outputs at the beginning of the plant) and the utilized communication schedule (as it the zero-th slot (as shown in Fig. 6(a)). We also assume that determines the value for h). all actuators are scheduled to apply their newly calculated th If each actuator applies its current input only until the inputs at the beginning of the h time slot. Note that end of the corresponding frame and then forces its input to h > 0, because from (4) each actuator has to first receive zero until the next actuation slot (i.e., hth slot), the input state values from all of its neighbors, before calculating its signals would have the form shown in Fig. 6(c) (instead of next plant input. Similarly, from (4) h ≥ max(d ), where ai the form from Fig. 6(b)). In this case, the discretized sys- d denotes the number of neighbors of the actuator a . ai i tem could be specified as in (26), (27), with the difference Therefore, the new inputs will be applied to the plant with that B− = 0. Therefore, the discrete-time system takes the the delay τ = hTsl, where Tsl is the size of communication form from (1), and stabilizing and optimal configurations slots. This results in the input signal with the form shown can be obtained using the procedures described in the pre- in Fig. 6(b). Denoting the number of slots in a communica- vious sections. However, due to the delay τ, the resulting tion frame by F , we can write T = FTsl. Using the approach discrete-time system could be uncontrollable, which in the from [3, 5], we describe the system: general case would mean that there is no stabilizing config- uration for the closed-loop system. x˙ (t) = Acx(t) + Bcu(t), In situations where (A, B) is not controllable it is neces- y(t) = Ccx(t), t ∈ [kT + τ, (k + 1)T + τ), (25) sary for all actuators to apply their ‘old’ inputs until new u(t+) = Gz[k], t ∈ {kT + τ, k = 0, 1, 2,...} inputs are available (as shown in Fig. 6(b)). This results in a discrete-time plant that does not have the form from (1), and where u(t+) is a piecewise continuous function and only the previous algorithms cannot be directly employed. How- changes values at time instances kT + τ, k = 0, 1,.... From  T T T ever, by defining a new vector x˜[k] , x[k] u[k − 1] the above equation, the discretized model of the system with the discrete-time system can be described as: the sampling period T can be represented as [23]: AB  B x˜[k + 1] = − x˜[k] + u[k] = A˜ x˜[k] + Bu˜ [k], x[k + 1] = Ax[k] + BGz[k] + B−Gz[k − 1] 0 0 I (26) y[k] = Cx[k], | {z } |{z} A˜ B˜ 10For simplicity we do not model disturbance inputs to the y[k] = C 0 x˜[k] = C˜ x˜[k] plant. However, the approach presented in this section can | {z } readily handle that scenario. C˜

33 the desired slots. This guarantees synchronized actions at all sensors and all actuators. The column, modeled as a continuous-time LTI system along with disturbances and measurement noise was run in Simulink in real-time using Real-Time Windows Target [30]. The interface between the model and the real hardware were two National Instruments PCI-6229 boards which provided analog outputs that correspond to the Simulink model’s out- puts (see Fig. 8(a)). The output signals were saturated between -4V and 4V, due to NI boards limitations. Also, to provide inputs to the Simulink model, the boards sam- pled the analog input signals within range [-4V, 4V], at a 1 kHz rate. Finally, Simulink’s input and output signals were monitored and controlled with 4 sensors and 4 actu- ators positioned according to the distillation column struc- Figure 7: (a) Structure of the distillation column; ture (Fig. 7(a)). In addition, 4 real wireless controller nodes (b) The network topology of the WCN correspond- (v1 − v4) were added, resulting in the topology shown in ing to the sensor and actuator positions. Fig. 7(b).

The above system has the same form as (1) and, there- 7.3 Results fore, we can use the aforementioned algorithms to obtain a From the communication and computation schedules, we stabilizing or optimal configurations of the WCN. obtained the discrete-time plant model using the discretiza- tion procedure from Section 6 (Eqs. (26),(27)), with sam- 7. PROCESS CONTROL APPLICATION pling rate T = 140.64 ms (RT-Link frame size). The WCN has been deployed on a process-in-the-loop test- We first investigated the problem of providing MSS of the bed with a plant running in Simulink and the plant’s sensors closed-loop system with uncorrelated random link failures and actuators connected to analog interfaces (see Fig. 8(a)). and single node failures. Assigning each node to maintain We first describe the plant’s model, then the closed-loop a scalar state, using the procedures from Sections 4 and 5 wireless control test-bed and finally demonstrate the WCN we derived a stabilizing WCN configuration for the topology use for control of the plant. presented in Fig. 7(b) and the discretized LTI plant model. To solve the convex optimization problems we used the CVX, 7.1 Case Study Description a package for specifying and solving convex programs [31]. To illustrate the use of the WCN, we consider the distilla- We were able to obtain only WCN configurations that tion column control (Fig. 7(a)), a well-known process control maintain stability if one of the nodes v1-v3 fails, meaning problem described in [27]. Four input flows (in [mols/s]) are that the constraint from (23) for the node v4 was violated available for the column control: reflux (L), boilup (V ), dis- (without v4 the topology violates the conditions from [14], tillate (D) and bottom flow (B). The goal is to control for existence of a stabilizing configuration). Fig. 9 shows four outputs: x - top composition, x - bottom compo- obtained measurements where the disturbance inputs F, zF D B were set to zero, while we provided periodical pulses to the sition, MD - liquid levels in condenser, and MB - liquid levels in the reboiler (in [mol]). Finally, the column has input L. Although the output of the plant degrades when the node v1 is turned off, the WCN maintains system stabil- two disturbances, feed flow-rate F and feed composition zF . The columns are described using the continuous-time Linear ity. However, if the node v4 is turned off, the system becomes Time Invariant (LTI) model from [27], where the state-space unstable (shown in Fig. 10 - after the node is turned back contains 8 states. Distillation column outputs 8 x 7.2 WCN Experimental Platform D x B We have implemented the WCN scheme on FireFly em- M 6 D M bedded wireless nodes [28] and TI’s MSP430F5438 Experi- B menter Boards, both equipped with IEEE 802.15.4 standard- compliant radio transceivers. FireFly is a low-cost, low- 4 power platform based on Atmel ATmega1281 8-bit micro- controller, while the experimenters board uses a 16-bit MSP430 2

microcontroller. Both platforms can be used for TDMA- Outputs [V] based communication with the RT-Link protocol [18], and 0 support in-band synchronization provided as a part of the protocol. −2 The WCN procedure on each wireless node was imple- mented as a simple task executed on top of the nano-RK, a −4 Real-Time Operating System (RTOS) [29]. The WCN task 0 1000 2000 3000 4000 5000 6000 t [s] had a 140.64ms period, equal to the RT-Link frame size (RT- Link was configured to use 16 slots of size 8.79 ms). Since Figure 9: Plant outputs for a stabilizing WCN con- the WCN requires a TTA, nano-RK has been modified to figuration. Node v1 has been turned off at time enable scheduling of sensing and actuation at the start of t = 1680 s and turned back on at t = 4560 s.

34 Interface between Simulink and WCN Sensors & actuators

network

Figure 8: Process-in-the-loop simulation of the distillation column control; (a) The plant model is simulated in Simulink, while the WCN is implemented on FireFly nodes; (b) Experimental setup used for the WCN validation. on, the system slowly, due to the output saturation, returns of the closed-loop system to link failures. We have also pro- to stability). Finally, we showed that if a node was added, posed a method to extract a stabilizing configuration for connected to actuator a2, sensor s4 and nodes v2, v4, we the WCN that can deal with node failures. Finally, we have could maintain stability if one of the node fails. extended the synthesis procedure to deal with continuous- We also considered optimal WCN design that minimizes time plants, and demonstrated how the WCN can be used on effects of disturbance inputs F, zF . Using Algorithm 1 we an industrial application, using a process-in-the-loop setup computed an optimal WCN configuration for energy to peak with real hardware. In future, we aim to introduce com- minimization. The obtained measurements for a setup with plex control operations (e.g., Kalman filtering, model pre- periodical F impulses are shown in Fig. 11. Fig. 11(b) and dictive control) and investigate heterogeneous nodes with Fig. 11(a) present the plant outputs for the optimal and varied computation/communication capabilities. stable WCN configurations. As shown in Fig. 11(c), the norm of the output controlled with the optimal configuration 9. REFERENCES is almost 5 times smaller than the norm with the stabilizing [1] HART Communication Foundation. Why WCN. WirelessHART? White Paper, Oct. 2007. [2] S. Amidi and A. Chernoguzov. Wireless process 8. CONCLUSION control network architecture overview. White Paper, We have extended the concept of the Wireless Control Mar. 2009. Network, where the network itself acts as a fully distributed [3] J. P. Hespanha, P. Naghshtabrizi, and Y. Xu. A controller. We have first addressed the WCN synthesis prob- survey of recent results in networked control systems. lem to guarantee optimal performance of the plant with re- Proceedings of the IEEE, Special Issue on Technology spect to standard cost functions. Second, by including the of Networked Control Systems, 95(1):138 – 162, 2007. observer style updates in the simple, linear iterative proce- [4] R. Alur, A.D’Innocenzo, K. H. Johansson, G. J. dure, we have been able to significantly increase robustness Pappas, and G. Weiss. Compositional modeling and analysis of multi-hop control networks. IEEE Distillation column output M − Simulink B Transactions on Automatic Control, 56(10):2345–2357, 6000 Oct. 2011. 4000 [5] W. Zhang, M.S. Branicky, and S.M. Phillips. Stability 2000 of networked control systems. IEEE Control Systems

Outputs [V] 0 Magazine, 21(1):84–99, 2001. [6] A. Saifullah, Y. Xu, C. Lu, and Y. Chen. Real-Time −2000 0 1000 2000 3000 4000 5000 6000 7000 8000 t [s] Scheduling for WirelessHART Networks. In 31st IEEE Real-Time Systems Symposium, pages 150 –159, 2010. Distillation column output M − Analog signal B [7] M. Pajic and R. Mangharam. Embedded virtual 5 machines for robust wireless control and actuation. In RTAS’10: 16th IEEE Real-Time and Embedded 0 Technology and Applications Symposium, pages 79–88,

Outputs [V] 2010. [8] G. Fiore, V. Ercoli, A.J. Isaksson, K. Landern¨as, and −5 0 1000 2000 3000 4000 5000 6000 7000 t [s] M. D. Di Benedetto. Multi-hop Multi-channel Scheduling for Wireless Control in WirelessHART Figure 10: Distillation column output MB . Node v4 Networks. In IEEE Conference on Emerging has been turned off at t = 2140 s and back on at Technology & Factory Automation, pages 1 – 8, 2009. t = 2860 s. Top - Simulink signal; bottom - analog [9] A. D’Innocenzo, G. Weiss, R. Alur, A.J. Isaksson, signal, saturated at 4V. K.H. Johansson, and G.J. Pappas. Scalable scheduling

35 Distillation column output x D Distillation column output x D 0.5 0.5 1 1 y 0 y 0 Norm of the plant outputs

−0.5 −0.5 3 0 200 400 600 800 1000 1200 1400 1600 1800 2000 0 200 400 600 800 1000 1200 1400 1600 1800 2000 optimal Distillation column output x Distillation column output x stable 5 B B 0.5 2.5 2 2 y 0 y 0

−5 −0.5 2 0 200 400 600 800 1000 1200 1400 1600 1800 2000 0 200 400 600 800 1000 1200 1400 1600 1800 2000 Distillation column output M Distillation column output M 2 D D 0.05 0.05 1.5 ||y|| 3 3 y 0 y 0

−0.05 −0.05 1 0 200 400 600 800 1000 1200 1400 1600 1800 2000 0 200 400 600 800 1000 1200 1400 1600 1800 2000 Distillation column output M Distillation column output M B B 2 0.2 0.5 4 4 0 y 0 y

−2 −0.2 0 0 200 400 600 800 1000 1200 1400 1600 1800 2000 0 200 400 600 800 1000 1200 1400 1600 1800 2000 0 500 1000 1500 2000 t [s] t [s] t [s]

Figure 11: Distillation column outputs; (a) For a stable WCN configuration; (b) For an optimal WCN configuration (note the axes scales); (c) Comparison of the output vector norms for the stable and the optimal WCN configurations.

algorithms for wireless networked control systems. In automation: Process control and related applications. CASE’09: IEEE International Conference on Standard, 2009. Automation Science and Engineering, pages 409–414, [20] R. E. Skelton, T. Iwasaki, and K.M. Grigoriadis. A 2009. unified algebraic approach to linear control design. [10] S. Graham, G. Baliga, and P.R. Kumar. Abstractions, CRC Press, 1998. architecture, mechanisms, and a middleware for [21] J. Han and R.E. Skelton. An LMI optimization networked control. IEEE Transactions on Automatic approach for structured linear controllers. In Control, 54(7):1490–1503, 2009. Proceedings of the 42nd IEEE Conference on Decision [11] H. Kopetz and G. Bauer. The Time-Triggered and Control, pages 5143–5148, 2003. Architecture. Proceedings of the IEEE, 91(1):112–126, [22] L. El Ghaoui, F. Oustry, and M. Ait Rami. A cone 2003. complementarity linearization algorithm for static [12] M. Pajic, S. Sundaram, G. J. Pappas, and output-feedback and related problems. IEEE R. Mangharam. The Wireless Control Network: A Transactions on Automatic Control, 42(8):1171–1176, New Approach for Control over Networks. IEEE Aug. 1997. Transactions on Automatic Control, 56(10):2305–2318, [23] P.J. Antsaklis and A.N. Michel. Linear Systems. 2011. McGraw Hill, 1997. [13] C. N. Hadjicostis and R. Touri. Feedback control [24] V. Gupta, A. F. Dana, J. Hespanha, R. M. Murray, utilizing packet dropping network links. In Proceedings and B. Hassibi. Data transmission over networks for of the 41st IEEE Conference on Decision and Control, estimation and control. IEEE Transactions on pages 1205–1210, 2002. Automatic Control, 54(8):1807–1819, Aug. 2009. [14] M. Pajic, S. Sundaram, G. J. Pappas, and [25] K. S.J. Pister and L. Doherty. Tsmp: Time R. Mangharam. Topological Conditions for Wireless synchronized mesh protocol. In International Control Networks. In Proceedings of the 50th IEEE Symposium on Distributed Sensor Networks (DSN), Conference on Decision and Control, pages 2353–2360, pages 391–398, 2008. 2011. [26] S. Sundaram, M. Pajic, C.N. Hadjicostis, [15] P. Seiler and R. Sengupta. Analysis of communication R. Mangharam, and G.J. Pappas. The Wireless losses in vehicle control problems. In Proceedings of the Control Network: Monitoring for malicious behavior. American Control Conference, pages 1491–1496, 2001. In Proceedings of the 49th IEEE Conference on [16] N. Elia. Remote stabilization over fading channels. Decision and Control, pages 5979–5984, 2010. Systems & Control Letters, 54(3):237–249, 2005. [27] S. Skogestad and I. Postlethwaite. Multivariable [17] Thomas Schmid, Prabal Dutta, and Mani B. Feedback Control: Analysis and Design. Wiley, 1996. Srivastava. High-resolution, low-power time [28] R. Mangharam, A. Rowe, and R. Rajkumar. FireFly: synchronization an oxymoron no more. In Proceedings A Cross-layer Platform for Real-time Embedded of the 9th ACM/IEEE International Conference on Wireless Networks. Real-Time System Journal, Information Processing in Sensor Networks, IPSN’10, 37(3):183–231, 2007. pages 151–161, 2010. [29] The nano-RK Sensor Real-Time Operating System. [18] A. Rowe, R. Mangharam, and R. Rajkumar. Rt-link: http://nanork.org. A time-synchronized link protocol for energy- [30] Real-Time Windows Target - Run Simulink models on constrained multi-hop wireless networks. In a PC in real time. SECON’06: IEEE Conference on Sensor, Mesh and http://www.mathworks.com/products/rtwt/. Ad Hoc Communications and Networks, pages 402 [31] M. Grant and S. Boyd. CVX: Matlab software for –411, 2006. disciplined convex programming, [19] ISA100.11a: Wireless systems for industrial http://stanford.edu/ boyd/cvx, 2009.

36