Hybrid Systems Controller Synthesis Examples
EE291E
Tomlin/Sastry

Example 1: Aircraft Collision Avoidance
Two identical aircraft at fixed altitude & speed:
[Figure: the two aircraft in x-y coordinates, with labels u, v, d: ‘evader’ (control) and ‘pursuer’ (disturbance)]

Continuous Reachable Set
[Figure: continuous reachable set, axes x and y]

Collision Avoidance Filter
Simple demonstration
– Pursuer: turn to head toward evader
– Evader: turn to head right
[Figure labels: evader’s desired input, safety filter’s input modification, evader’s actual input, pursuer’s input, unsafe set, collision set, pursuer, evader]
Movies…

Collision Avoidance Control
http://www.cs.ubc.ca/~mitchell/ToolboxLS/

Overapproximating Reachable Sets
Exact:
Approximate:
Overapproximative reachable set: [Khrustalev, Varaiya, Kurzhanski]
• Polytopic overapproximations for nonlinear games
• Subsystem level set functions
• “Norm-like” functions with identical strategies to exact
[Hwang, Stipanović, Tomlin]
~1 sec on 700MHz Pentium III (vs 4 minutes for exact)

Can separation assurance be automated?
Requires provably safe protocols for aircraft interaction
Must take into account:
• Uncertainties in sensed information, in actions of the other vehicle
• Potential loss of communication
• Intent, or non-intent

Example 2: Protocol design
[Figure panels: unsafe set without maneuver; unsafe set with maneuver; unsafe set with choice to maneuver or not? Regions labelled safe / unsafe]

Protocol Safety Analysis
• Ability to choose maneuver start time further reduces unsafe set
[Figure regions: safe with switch; unsafe with or without switch; safe without switch; unsafe to switch]

Implementation: a finite automaton
• It can be easier to analyze discrete systems than continuous: use reachable set information to abstract away continuous details
[Figure: automaton with states q1 to q5, qu (UNSAFE) and qs (SAFE); edges are controlled transitions (s1) or forced transitions. State labels:
 q5: safe at present, always safe, safe to s1
 q3, q4: safe at present, will become unsafe, safe to s1; safe at present, always safe, unsafe to s1
 q1, q2: safe at present, will become unsafe, unsafe to s1; unsafe at present, will become unsafe, unsafe to s1]

Example 3: Closely Spaced Approaches
Photo courtesy of Sharon Houck
EEM Maneuver 1: accelerate
EEM Maneuver 2: turn 45 deg, accelerate
EEM Maneuver 3: turn 60 deg
[Rodney Teo]
[Figure label: evader]

Sample Trajectories
[Figure: Segment 1, Segment 2, Segment 3]

Tested on the Stanford DragonFly UAVs
[Photo labels: Dragonfly 2, Dragonfly 3, Ground Station]

Tested at Moffett Federal Airfield
Accelerate and turn EEM
[Plots: trajectories, North (m) vs East (m); separation distance (m) vs time (s), with EEM alert and "Above threshold" markers]

Tested at Moffett Federal Airfield
Coast and turn EEM
[Plots: trajectories, North (m) vs East (m); separation distance (m) vs time (s), with EEM alert and "Above threshold" markers]

Tested at Edwards Air Force Base
T-33 Cockpit
[DARPA/Boeing SEC Final Demonstration: F-15 (blunderer), T-33 (evader)]
Photo courtesy of Sharon Houck; Tests conducted with Chad Jennings

Implementation: Display
design courtesy of Chad Jennings, Andy Barrows, David Powell
R. Teo’s Blunder Zone (BZ) is shown by the yellow contour. The Red Zone in the green tunnel is the intersection of the BZ with the approach path. The Red Zone corresponds to an assumed 2 second pilot delay. The Yellow Zone corresponds to an 8 second pilot delay.

Map View showing a blunder
The BZ calculations are performed in real time (40Hz) so that the contour is updated with each video frame.

Map View with Color Strips
The pilots only need to know which portion of their tunnel is off limits. The color strips are a more efficient method of communicating the relevant extent of the Blunder Zone.

Example 4: Aircraft Autolander
Aircraft must stay within safe flight envelope during landing:
– Bounds on velocity ( ), flight path angle ( ), height ( )
– Control over engine thrust ( ), angle of attack ( ), flap settings
– Model flap settings as discrete modes
– Terms in continuous dynamics depend on flap setting
[Figure: body frame, wind frame, inertial frame]

Autolander: Synthesizing Control
For states at the boundary of the safe set, results of reach-avoid computation determine
– What continuous inputs (if any) maintain safety
– What discrete jumps (if any) are safe to perform
– Level set values and gradients provide all relevant data

Application to Autoland Interface
• Controllable flight envelopes for landing and Take Off / Go Around (TOGA) maneuvers may not be the same
• Pilot’s cockpit display may not contain sufficient information to distinguish whether TOGA can be initiated
[Figure labels: controllable flare envelope, controllable TOGA envelope, intersection]
[Figure, existing interface: flare (flaps extended, minimum thrust); TOGA (flaps retracted, maximum thrust); rollout (flaps extended, reverse thrust)]
[Figure, revised interface: flare (flaps extended, minimum thrust); TOGA (flaps retracted, maximum thrust); rollout (flaps extended, reverse thrust); slow TOGA (flaps extended, maximum thrust)]
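
Added example, not from the original slides: a least-restrictive safety filter of the kind described on the "Collision Avoidance Filter" and "Autolander: Synthesizing Control" slides, run on a constructed one-dimensional braking model whose level set function is known in closed form (the aircraft examples need a numerical reachable-set computation instead). The model, the constants U_MAX, DT, EPS and all function names are assumptions made for this example.

```python
# Constructed toy model (an assumption, not the aircraft model from the slides):
# p = gap to an obstacle (m), v = closing speed (m/s), p' = -v, v' = u, |u| <= U_MAX.
U_MAX, DT, EPS = 2.0, 0.01, 1e-9   # input bound, sample time, numerical margin

def value(p, v):
    """Level set function: the gap left after a full-braking stop.
    V >= 0 exactly on the set of states from which a collision is avoidable."""
    return p - max(v, 0.0) ** 2 / (2.0 * U_MAX)

def grad_value(p, v):
    """Gradient (dV/dp, dV/dv) of the level set function."""
    return 1.0, -max(v, 0.0) / U_MAX

def safest_input(p, v):
    """Input maximising dV/dt = grad V . f(x, u). f is affine in u, so the
    maximiser sits at an input bound; ties go to braking (-U_MAX)."""
    gp, gv = grad_value(p, v)
    return max((-U_MAX, U_MAX), key=lambda u: gp * (-v) + gv * u)

def step(p, v, u):
    """Exact state update for a constant input held over one sample."""
    return p - v * DT - 0.5 * u * DT * DT, v + u * DT

def safety_filter(p, v, u_desired):
    """Pass the desired input through unless the next sample would leave
    {V >= 0}; in that case override it. Returns (input, overridden)."""
    u = min(max(u_desired, -U_MAX), U_MAX)
    if value(*step(p, v, u)) >= EPS:
        return u, False
    return safest_input(p, v), True

def simulate(p0, v0, desired, steps, filtered=True):
    """Run the loop; return (smallest sampled gap, number of overrides)."""
    p, v, min_gap, overrides = p0, v0, p0, 0
    for k in range(steps):
        u, overridden = desired(k), False
        if filtered:
            u, overridden = safety_filter(p, v, u)
        overrides += overridden
        p, v = step(p, v, u)
        min_gap = min(min_gap, p)
    return min_gap, overrides

if __name__ == "__main__":
    push = lambda k: U_MAX          # desired input always drives at the obstacle
    print("unfiltered:", simulate(50.0, 0.0, push, 1500, filtered=False))
    print("filtered:  ", simulate(50.0, 0.0, push, 1500, filtered=True))
```

The filter leaves the desired input alone in the interior of the safe set and only intervenes at its boundary, where the gradient of the level set function selects the input; safety is checked at the sample instants.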