Guaranteeing Safety in Semi-autonomous Robotic Systems:
A Formal Approach through Hybrid Systems with Hidden Modes
Domitilla Del Vecchio
University of Michigan, EECS
MIT, MechE
ICRA 2010, Workshop on Formal Methods
Some of Today’s Networked Robotic Systems
[Figures: Cooperative Active Safety Systems; Warfare Systems]
Imperfect Information: From poor/intermittent sensory measurements or missing communication;
Presence of Humans: both “in the loop” and “out of the loop”
Complexity: from interaction between continuous dynamics and logic, imperfect information, large state spaces…
Despite these challenges, these systems must be safe by design!
How do we perform formal design with humans “out of the loop”?
Example: Cooperative Active Safety
[Figure: Cooperative Active Safety Systems]
For details on modeling human decision making through hybrid systems:
Del Vecchio et al. IFAC 2002, Automatica 2003, Walton et al. ICRA 2004
[Figure labels: cruise, run out, brake]
Worst-case approach: Too Conservative!
Hybrid System with Hidden Modes (HSHM)
[Figure: automaton with subsystems $S_{q_i}$, $S_{q_j}$, $S_{q_k}$ and transitions labelled $\sigma = a$ and $\sigma = b$]
Safety Control Problem for Hybrid Systems with Hidden Modes
Available Results from the Literature
• When the state is measured, safety control for hybrid systems has been addressed by several researchers: within an optimal control approach (Tomlin, Pappas, Sastry, Lygeros, …), within a viability approach (Aubin, Quincampoix, Gao, …), …
• When the state is not measured, these results do not apply.
• Further, Raskin et al. 2006 showed that for hybrid systems with finite state abstractions, the safety control problem has exponential complexity, while for general classes of nonlinear and hybrid systems it is prohibitive.
Here: We present a method to tackle safety control for HSHMs
We restrict the class of systems to order preserving systems to lighten the complexity arising from the continuous dynamics
We show how these results apply to the semi-autonomous vehicle collision avoidance system
Outline
• Solution of the safety control problem for HSHMs
• Computational Techniques
• Application to semi-autonomous cooperative active safety systems
Safety control problem for HSHMs
[Figure: automaton with subsystems $S_{q_i}$, $S_{q_j}$, $S_{q_k}$ and transitions labelled $\sigma = a$ and $\sigma = b$]
Problem 1: (1)
(2) Compute a dynamic feedback map π from the history to maintain the state outside C
Mode-dependent capture set
Translation to a perfect information problem
Solution: One solves Problem 2 and then shows that (equivalence) C = C
Prediction-correction estimator
Keeping track of a growing history is prohibitive. Hence, the problem is translated to one with perfect information introducing a state estimate (LaValle, 2006)
(For details on equivalence: Verma and Del Vecchio, CDC 2009)
State is measured!
Problem 2: (1) Compute the Capture set for system
(2) Compute a static feedback map to maintain the state outside
C H
C
Algorithmic procedure to compute the mode-dependent capture sets
Example:
Algorithm 1
In general:
The dynamic control map
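[Figure: set $B$ and the mode-dependent capture sets $C_{q_1}$, $C_{q_2}$, $C_{q_3}$, with the vector fields $\bar f(x, \pi(x, q_1), \theta)$ and $\bar f(x, \pi(x, q_2), \theta)$]
Example:
[Figure: set $L_q$, a point $x$, the contingent cone $T_{L_q}(x)$ and the vector field $\bar f$]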
Outline
• Solution of the safety control problem for HSHMs
• Computational Techniques
• Application to semi-autonomous cooperative active safety systems
Computability Results
When does Algorithm 1 terminate?
Thm: If every set of fully connected modes in has a supremum, Algorithm terminates
(For details: Verma and Del Vecchio, CDC 2009)
When is each step of Algorithm 1 efficiently computable?
If in every mode the dynamics are given by the parallel composition of order preserving systems and B is a box, then “Pre” can be computed with a linear complexity algorithm
(For details: Hafner and Del Vecchio, CDC 2009; Del Vecchio et al, ACC 2009)
$C_q = \mathrm{Pre}(R(q), B)$, $R(q)$ = reachable set of modes from $q$
Order preserving systems
$S = (X, U, D, f)$
$(X, \le)$, $U = [u_L, u_H]$, $D = [d_L, d_H]$
Piecewise Continuous
$\dot x = f(x, u)$, $f_1 > 0$
[Figure: diagram labelled "input", $(X, \le)$ and $\le \Rightarrow \le$]
Computing “Pre”
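[Figure: set $B$ with the sets $\mathrm{Pre}(q, B)_L$ and $\mathrm{Pre}(q, B)_H$]
Easily computed as the input is fixed!
Thm: If for each mode $q$:
$S = S_1 \| S_2$ with $S_i$ Order Preserving
$B = \{(x_1, x_2) \mid (x_{1,1}, x_{2,1}) \in [L_1, U_1] \times [L_2, U_2]\}$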
Computing the control map
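[Figure: set $B$ with the sets $\mathrm{Pre}(q, B)_L$ and $\mathrm{Pre}(q, B)_H$]
$$\pi(x, q) = \begin{cases} (u_L, u_H) & \text{if } (x \in \mathrm{Pre}(q, B)_L) \wedge (x \in \partial \mathrm{Pre}(q, B)_H) \\ (u_H, u_L) & \text{if } (x \in \mathrm{Pre}(q, B)_H) \wedge (x \in \partial \mathrm{Pre}(q, B)_L) \\ U & \text{otherwise.} \end{cases}$$
[Figure annotations: at $x$, all inputs are allowed; $(u_L, u_H)$ must be applied to avoid entering CH]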
Outline
• Solution of the safety control problem for HSHMs
• Computational Techniques
• Application to semi-autonomous cooperative active safety systems
Application: A semi-autonomous collision avoidance system
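[Figure labels: Braking ($b$), Accel ($a$)]
$\alpha_2 = \beta_q + d$, $d \in \Delta = [-\bar d, \bar d]$
$\alpha_1 = k_1 u - k_2 v_1^2 - k_3$
$B = \{(p_1, v_1, p_2, v_2) \mid (p_1, p_2) \in [L_1, U_1] \times [L_2, U_2]\}$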
This system is order preserving!
Application (cont.)
Mode estimator
[Figure: two panels, $q = q_1 = \{a, b\}$ and $q = q_2 = \{a\}$, each captioned "slice of"]
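The fixed-input computation of “Pre” and its dependence on the mode estimate, carried through for the collision avoidance dynamics above, as an added example that is not from the slides or the cited papers. All numeric values, the Euler discretization, the zero-speed clamp, the assumption that the hidden mode stays fixed, and the acceleration-threshold `correct` step are assumptions made for illustration.

```python
# Added example (not from the slides). All numeric values are constructed.
K1, K2, K3 = 1.0, 0.0005, 0.1        # alpha_1 = k1*u - k2*v1^2 - k3
U_L, U_H = -2.0, 2.0                 # U = [u_L, u_H]
BETA = {"a": 1.0, "b": -1.5}         # alpha_2 = beta_q + d, per hidden mode q
D_BAR = 0.3                          # d in [-d_bar, d_bar]
L1, U1, L2, U2 = 90.0, 110.0, 90.0, 110.0   # box B on (p1, p2)
X0 = (0.0, 10.0, 40.0, 12.0)         # constructed state (p1, v1, p2, v2)

def step(p, v, a, dt):
    """One Euler step; speed is clamped at zero (assumption: no reversing)."""
    return p + v * dt, max(0.0, v + a * dt)

def in_pre(x, u, modes, horizon=20.0, dt=0.01):
    """True if x enters B under the fixed input u for some mode in `modes`
    and some disturbance. Because the dynamics are order preserving, only the
    two extremal trajectories of vehicle 2 are simulated for each mode."""
    for q in modes:
        p1, v1, p2, v2 = x
        lo, hi = (p2, v2), (p2, v2)   # slowest / fastest vehicle-2 trajectory
        for _ in range(int(horizon / dt)):
            # p1 inside [L1, U1] while the reachable p2 interval meets [L2, U2]
            if L1 <= p1 <= U1 and lo[0] <= U2 and hi[0] >= L2:
                return True
            p1, v1 = step(p1, v1, K1 * u - K2 * v1 ** 2 - K3, dt)
            lo = step(*lo, BETA[q] - D_BAR, dt)
            hi = step(*hi, BETA[q] + D_BAR, dt)
    return False

def correct(modes, accel_meas):
    """Simplified correction step: keep the modes consistent with a measured
    vehicle-2 acceleration (stand-in for the slides' mode estimator)."""
    return {q for q in modes if abs(accel_meas - BETA[q]) <= D_BAR}

def avoiding_inputs(x, modes):
    """Extreme inputs whose fixed-input trajectory stays outside B."""
    return [u for u in (U_L, U_H) if not in_pre(x, u, modes)]

if __name__ == "__main__":
    q_hat = {"a", "b"}                        # mode unknown: only braking avoids B
    print(sorted(q_hat), avoiding_inputs(X0, q_hat))
    q_hat = correct(q_hat, accel_meas=0.9)    # constructed measurement
    print(sorted(q_hat), avoiding_inputs(X0, q_hat))
```

With the estimate {a, b} the accelerating input leads into B because braking mode b is still possible; once the estimate shrinks to {a}, both extreme inputs stay outside B, which is the reduction in conservatism the hidden-mode formulation is after.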
Application: Experimental result
Human control station
[Figure labels: C1, Human Driven, Autonomous]
Learning of modes: data from 5 different subjects
[Panels: Braking mode, Accel mode]
Application: Experimental result
[Figure labels: C1, Human Driven, Autonomous]
Thanks to: Matt McCullough, UG CSE Umich
Conclusions
We proposed formal safety control design for semi-autonomous systems through HSHMs
[Figure: set $B$ and the mode-dependent capture sets $C_{q_1}$, $C_{q_2}$, $C_{q_3}$, with the vector fields $\bar f(x, \pi(x, q_1), \theta)$ and $\bar f(x, \pi(x, q_2), \theta)$]
When the mode is unknown, an equivalent control problem with *perfect information* was solved to obtain the feedback map
The techniques were applied to a semi-autonomous cooperative active safety system application
[Figure labels: cruise, run out, brake]
When the dynamics are order preserving, computation burden is dramatically reduced
[Figure labels: C1, Human Driven, Autonomous]
Current/Future Work
Software system development for implementation and final testing on TOYOTA full scale vehicles and test-track (with Caveney and Caminiti at TTC, Ann Arbor)
Extension to complex road configurations and multiple-agent conflict points leveraging discrete-event system theory and solution modules based on partial order structures
Extension of the theory of hybrid automata with imperfect mode information to incorporate discrete control inputs: useful for modeling the monitoring/warning/control phases of cooperative active safety systems with human-in-the-loop
Open questions: communication delays, stochastic models of human behavior…
Acknowledgements
Rajeev Verma, PhD Student in the Systems Lab at University of Michigan
Mike Hafner, PhD Student in the Systems Lab at University of Michigan
Matt McCullough
Jeffrey Duperrett
Chao Wang
Daniel Clark
Undergraduate students at University of Michigan
Funding: NSF Career Award # CNS-0642719, NSF Goali Award # CMMI-0854907, TOYOTA