Risk and Mitigation of Nondeterminism in Distributed Cyber-Physical Systems | IEEE Conference Publication | IEEE Xplore

Risk and Mitigation of Nondeterminism in Distributed Cyber-Physical Systems


Abstract:

Asynchronous frameworks for distributed embedded systems, like ROS and MQTT, are increasingly used in safety-critical applications such as autonomous driving, where the cost of unintended behavior is high. The loose coordination between the components in these frameworks gives rise to nondeterminism, where factors such as communication timing can lead to arbitrary ordering in the handling of messages. In this paper, we show that this problem compromises safety and complicates system design in Autoware.Auto 1.0, a popular open-source autonomous driving framework based on ROS 2. We extend the LINGUA FRANCA coordination language to support distributed execution, port Autoware.Auto to LINGUA FRANCA, and show that our solution avoids the identified problems. We assess the performance of our federated runtime implementation and show that it is competitive for this application. We also compare our achievable throughput to ROS 2 and MQTT using microbenchmarks and find that we can match or exceed the throughput of those frameworks while preserving determinism.

CCS Concepts: • Computing methodologies → Distributed programming languages; • Computer systems organization → Embedded and cyber-physical systems.
Date of Conference: 21-22 September 2023
Date Added to IEEE Xplore: 17 November 2023
Conference Location: Hamburg, Germany


1 Introduction

Frameworks such as the Robot Operating System (ROS) [1] and MQTT [2, 3] are widely used in safety-critical, concurrent, and often distributed cyber-physical applications such as autonomous driving and industrial automation [4–6]. These frameworks are convenient, modular, and their underlying asynchronous coordination mechanism, publish-and-subscribe (pub-sub), is easy to use and not prone to deadlocks. This paper empirically shows that pub-sub is ill-suited for such applications and offers an alternative, based on the open-source coordination language LINGUA FRANCA (LF) [7], which is underpinned by the reactor model [8]. Reactors borrow the best semantic features of established models of computation, such as actors [9], logical execution time (LET) [10, 11], synchronous reactive languages [12], and discrete event systems [13] such as DEVS [14] and SystemC [15]. LF is polyglot in the sense that it mixes LF syntax with target code like C or Python. LF furthers the state of the art by making time a first-class citizen in the programming model and by enabling deterministic interactions between multiple physical and logical timelines [7].
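The ordering hazard the abstract describes, sketched in Python as an added illustration (not code from the paper, Autoware.Auto or LINGUA FRANCA): two constructed sensor streams carry logical tags, the simulated network adds random latency, and a fusion consumer is run once on arrival order (pub-sub style) and once on tag order with a declared priority, which stands in for the reactor model's deterministic handling.

```python
import random

# Constructed sensor traffic: two publishers each emit messages with logical
# tags 1..3; the tag is the sender's logical timestamp, as in the reactor model.
SOURCES = ("lidar", "camera")
TAGS = (1, 2, 3)
PRIORITY = {"camera": 0, "lidar": 1}   # declared handling order within one tag

def deliver(seed):
    """Simulate the network: each message arrives at tag + random latency."""
    rng = random.Random(seed)
    return [(tag + rng.uniform(0.0, 2.0), src, tag)
            for src in SOURCES for tag in TAGS]

def pubsub_order(seed):
    """Pub-sub style: callbacks run in the order messages happen to arrive."""
    return [(src, tag) for _, src, tag in sorted(deliver(seed))]

def tagged_order(seed):
    """Reactor style: run handlers by (logical tag, declared priority), so the
    physical arrival order does not influence the result."""
    return [(src, tag) for _, src, tag in
            sorted(deliver(seed), key=lambda m: (m[2], PRIORITY[m[1]]))]

def fuse(ordered):
    """Consumer that pairs each lidar scan with the latest camera frame seen.
    A mismatched pair (scan 2 with frame 1, or with no frame at all) is the
    kind of silent unsafe behavior that arrival-order handling can produce."""
    latest_cam, pairs = None, []
    for src, tag in ordered:
        if src == "camera":
            latest_cam = tag
        else:
            pairs.append((tag, latest_cam))
    return pairs

def is_deterministic(order_fn, seeds):
    """True if the fused result is identical across every simulated run."""
    return len({tuple(fuse(order_fn(s))) for s in seeds}) == 1

if __name__ == "__main__":
    for name, fn in (("pub-sub", pubsub_order), ("tagged", tagged_order)):
        print(name, "deterministic:", is_deterministic(fn, range(20)))
```

Over the 20 simulated runs the tag-ordered consumer always pairs scan t with frame t, while the arrival-ordered consumer's pairing depends on the latency draw.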

