Hierarchical Hybrid System Design of Flight Management


Hybrid System Design and Implementation
Methodologies for Multi-Vehicle Multi-Modal Control
Shankar Sastry, Thomas Henzinger and Edward Lee
Alberto Sangiovanni Vincentelli
Department of Electrical Engineering and Computer Sciences
University of California at Berkeley
5/99
DARPA Software Enabled Control, UC Berkeley
Statement of Work


Thrust I: Experimental Evaluation of Multi-Vehicle Control
System Designs. Run Time Executions:
1. Mode Switching in UAVs: flight envelope protection,
survivability in normal modes of operation.
2. Degraded Modes of Operation: loss of communication,
loss of individual sensors, actuators.
3. Multiple UAV Coordination: formation flying, pursuit-evasion scenarios.
Thrust II: Multi-modal Control Derivation and Analysis.
Design Tools:
1. Algorithmic Analysis for Nonlinear Hybrid Control
2. Hierarchical Hybrid Control Design, Modular techniques
3. Model Reduction and Conservative Approximations
Statement of Work Part II

Thrust III: Hybrid Model Simulation and Implementation on
the Open Control Platform. Run Time Implementation.
1. Hybrid Multi-Vehicle Model Simulation: mixed models of
computation.
2. Structuring Mechanisms for Hybrid Models: for managing
complexity.
3. Executability of Hybrid Models: determinacy,
receptiveness.
4. Architectural Mapping and Real time Analysis of Hybrid
Control Designs: mapping “proven” designs onto OCP and
to provide “guarantees” for different implementations:
synchronous at low level, Corba/Tao at networked level?
5. Robustness and Error Analysis of Hybrid Control
Designs.
Statement of Work Part III

Thrust IV: Probabilistic Design and Active Fault Handling
for Hybrid Systems. Design Time / Real Time.
1. Probabilistic Control: when specs cannot be met
deterministically.
2. Probabilistic Analysis: probabilistic estimates of safe and
desired behavior.
3. On-line Customization of Control: Active Hybrid Control:
“adaptive control” during operation of system, embedding
design abstractions.
System Configuration
[Figure: system configuration. Labels: Wireless LAN, TCP/IP, Wireless Hub, Ground Station, Virtual Cockpit, Graphical Emulation]
Motivation

Goal
– Design a multi-agent multi-modal control system for
Unmanned Aerial Vehicles (UAVs)
• Intelligent coordination among agents
• Rapid adaptation to changing environments
• Interaction of models of operation
– Guarantee
• Safety
• Performance
• Fault tolerance
• Mission completion
[Figure labels: Conflict Resolution, Collision Avoidance, Tracking Error, Envelope Protection, Fuel Consumption, Sensor Failure, Response Time, Path Following, Actuator Failure, Object Searching, Pursuit-Evasion]
Motivation

Example
– Envelope Protecting Mode
– Normal Flight Mode
[Figure labels: Safety, Invariant; Liveness, Reachability; Hierarchical Hybrid System]
System Design Flow









Mission Specifications Path Following/Object Searching/Pursuit-Evasion
Nonlinear Model/Linear Model
System Identification
Controller Synthesis
Envelope Protection/Tracking/Regulation
Hybrid System Synthesis Conflict Resolution/Collision Avoidance/Flight Mode Switching
Hierarchical Hybrid System Synthesis Flight Management System
Verification
Safety/Mission Completion
Simulation
Hierarchical Hybrid System
Embedded System Synthesis
HW/SW+RTOS
Validation Simulation/Emulation
What Are Hybrid Systems?
Dynamical systems with interacting
continuous and discrete dynamics
Why Hybrid Systems?



Modeling abstraction of
– Continuous systems with phased operation (e.g.
walking robots, mechanical systems with collisions,
circuits with diodes)
– Continuous systems controlled by discrete inputs (e.g.
switches, valves, digital computers)
– Coordinating processes (multi-agent systems)
Important in applications
– Hardware verification/CAD, real time software
– Manufacturing, communication networks, multimedia
Large scale, multi-agent systems
– Automated Highway Systems (AHS)
– Air Traffic Management Systems (ATM)
– Uninhabited Aerial Vehicles (UAV), Power Networks
Control Challenges






Large number of semiautonomous agents
Coordinate to
– Make efficient use of common resource
– Achieve a common goal
Individual agents have various modes of operation
Agents optimize locally, coordinate to resolve conflicts
System architecture is hierarchical and distributed
Safety critical systems
Challenge: Develop models, analysis, and synthesis tools for
designing and verifying the safety of multi-agent systems
Hybrid Automata


Hybrid Automaton $H = (X, V, \mathrm{Init}, f, \mathrm{Inv}, R)$
– State space $X = X_C \times X_D$
– Input space $V = V_C \times V_D$
– Initial states $\mathrm{Init} \subseteq X$
– Vector field $f : X \times V \to \mathbb{R}^n$
– Invariant set $\mathrm{Inv} \subseteq X \times V$
– Transition relation $R : X \times V \to 2^X$
Remarks:
– $X_D$, $V_D$ countable, $X_C = \mathbb{R}^n$, $V_C \subseteq \mathbb{R}^m$
– State $x = (q, y) \in X$
– Can add outputs, etc.
Executions


Hybrid time trajectory, $\tau = \{[\tau_i, \tau_i']\}_{i=0}^{N}$, finite or infinite, with $\tau_{i-1}' = \tau_i \le \tau_i'$
Execution $\chi = (\tau, x, v)$ with $x : \tau \to X$ and $v : \tau \to V$
– Initial Condition: $x(\tau_0) \in \mathrm{Init}$
– Discrete Evolution: $x(\tau_{i+1}) \in R(x(\tau_i'), v(\tau_i'))$
– Continuous Evolution: over $[\tau_i, \tau_i']$, $x$ continuous, $v$ piecewise continuous, $\dot{x} = f(x, v)$ and $(x(t), v(t)) \in \mathrm{Inv}$, $\forall t \in [\tau_i, \tau_i')$
Remarks:
– $x$, $v$ not function, multiple transitions possible
– $q$ constant along continuous evolution
– Can study existence uniqueness
– Use $E_H$ to denote the set of executions of $H$
Controller Synthesis





Consider plant hybrid automaton, inputs partitioned to:
– Controls, U
– Disturbances, D
Controls specified by “us”
Disturbances specified by the “environment”
– Unmodeled dynamics
– Noise, reference signals
– Actions of other agents
Memoryless controller is a map $g : X \to 2^U$
The closed loop executions are
$E_{H_g} = \{(\tau, x, (u, d)) \in E_H \mid \forall t \in \tau,\ u(t) \in g(x(t))\}$
Controller Synthesis Problem


Given $H$ and $F \subseteq X$ find $g$ such that
$\forall (\tau, x, (u, d)) \in E_{H_g},\ \forall t \in \tau,\ x(t) \in F$
A set $W \subseteq X$ is controlled invariant if there exists a
controller such that all executions starting in $W$ remain in $W$
Proposition: The synthesis problem can be solved iff there
exists a unique maximal controlled invariant set with
$\mathrm{Init} \subseteq W \subseteq F$
Seek maximal controlled invariant sets & (least restrictive)
controllers that render them invariant
Proposed solution: treat the synthesis problem as a noncooperative game between the control and the disturbance
Gaming Synthesis Procedure



Discrete Systems: games on graphs, Bellman equation
Continuous Systems: pursuit-evasion games, Isaacs PDE
Hybrid Systems: for $K, L \subseteq F$ define
– $\mathrm{Pre}_u(K) \subseteq X$: states that can be forced to jump to $K$ by $u$
– $\mathrm{Pre}_d(K) \subseteq X$: states that may jump out of $K$ for some $d$
– $\mathrm{Reach}(K, L) \subseteq X$: states that whatever $u$ does can be continuously driven to $K$ avoiding $L$ by $d$
Initialization: $W^0 = F$, $W^{-1} = \emptyset$, $i = 0$
while $W^i \ne W^{i-1}$ do
$W^{i+1} = W^i \setminus \mathrm{Reach}(\mathrm{Pre}_d(W^i), \mathrm{Pre}_u(W^i))$
$i = i + 1$
end
Algorithm Interpretation
[Figure: regions of $X$ labelled $(W^i)^c$, $\mathrm{Pre}_d(W^i)$, $\mathrm{Pre}_u(W^i)$ and $\mathrm{Reach}(\mathrm{Pre}_d(W^i), \mathrm{Pre}_u(W^i))$]
Proposition: If the algorithm terminates, the fixed point is
the maximal controlled invariant subset of F
Computation


One needs to compute $\mathrm{Pre}_u$, $\mathrm{Pre}_d$ and $\mathrm{Reach}$
Computation of the Pre is straightforward (conceptually!):
invert the transition relation $R$
$\mathrm{Pre}_u(K) = \{x \in K \mid \exists u \in U,\ \forall d \in D,\ (x, (u, d)) \notin \mathrm{Inv} \wedge R(x, (u, d)) \subseteq K\}$
$\mathrm{Pre}_d(K) = \{x \in X \mid x \in K^c \vee \forall u \in U,\ \exists d \in D,\ R(x, (u, d)) \cap K^c \ne \emptyset\}$
Computation of Reach through a pair of coupled Hamilton-Jacobi partial differential equations
Reach Set Computation
Can be done one discrete “location”, $q \in X_D$, at a time
Assume there exist real valued functions $k$, $l$ such that
$K = \{y \in X_C \mid k(y) < 0\}$, $L = \{y \in X_C \mid l(y) \le 0\}$
Solve the partial differential equations:
$-\partial J_K / \partial t = \min\{0, H_K^*(y, \partial J_K / \partial y)\}$
$-\partial J_L / \partial t = \min\{0, H_L^*(y, \partial J_L / \partial y)\}$
with initial condition $J_K(y, 0) = k(y)$ and $J_L(y, 0) = l(y)$
where the equations are coupled through their Hamiltonian
$H_K^*(y, p) = \min_{u \in U} \max_{d \in D} p^T f(q, y, u, d)$ if $J_L(y, t) > 0$
$H_K^*(y, p) = 0$ if $J_L(y, t) \le 0$
(and likewise for $H_L^*(y, p)$)
Transition Systems


Transition System $T = (Q, \Sigma, \to, Q_O, Q_F)$
Define for $\sigma \in \Sigma$, $P \subseteq Q$:
$\mathrm{Pre}_\sigma(P) = \{q \in Q \mid \exists p \in P \text{ and } q \xrightarrow{\sigma} p\}$
Given equivalence relation $\sim\ \subseteq Q \times Q$ define
$T/{\sim} = (Q/{\sim}, \Sigma, \to_{\sim}, Q_O/{\sim}, Q_F/{\sim})$
A ~ block is a union of equivalence classes
Bisimulations of Transition Systems
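A partition ~ is a bisimulation iff
– $Q_O$, $Q_F$ are ~ blocks
– For all $\sigma \in \Sigma$ and all ~ blocks $P$, $\mathrm{Pre}_\sigma(P)$ is a ~ block
Alternatively, for $P_1, P_2 \in Q/{\sim}$,
$P_1 \cap \mathrm{Pre}_\sigma(P_2) = \emptyset$ or $P_1 \cap \mathrm{Pre}_\sigma(P_2) = P_1$
[Figure: sets $Q$, $Q_O$, $Q_F$ and $\mathrm{Pre}_\sigma(Q_F)$]
Why are bisimulations important?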
Bisimulation Algorithm
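initialize: $Q/{\sim} = \{Q_O, Q_F, Q \setminus (Q_O \cup Q_F)\}$
while $\exists P_1, P_2 \in Q/{\sim}$, $\sigma \in \Sigma$ such that $\emptyset \ne P_1 \cap \mathrm{Pre}_\sigma(P_2) \ne P_1$
define $R_1 = P_1 \cap \mathrm{Pre}_\sigma(P_2)$, $R_2 = P_1 \setminus \mathrm{Pre}_\sigma(P_2)$
refine $Q/{\sim} = (Q/{\sim} \setminus \{P_1\}) \cup \{R_1, R_2\}$
[Figure: sets $Q$, $Q_O$, $Q_F$ and $\mathrm{Pre}_\sigma(Q_F)$]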
If algorithm terminates, we obtain a finite bisimulation
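The refinement loop above, run on a finite transition system, as an added example that is not part of the original slides. The function names, the seven-state sample system and the assumption that Q_O and Q_F are disjoint are all constructed for illustration.

```python
from itertools import product

def pre_sigma(trans, sigma, block):
    """Pre_sigma(P): states with a sigma-labelled transition into block P."""
    return frozenset(q for (q, s, p) in trans if s == sigma and p in block)

def bisimulation(states, alphabet, trans, q_o, q_f):
    """Partition refinement on a finite transition system; returns Q/~ as a set of blocks."""
    states, q_o, q_f = frozenset(states), frozenset(q_o), frozenset(q_f)
    # Initial partition {Q_O, Q_F, Q \ (Q_O u Q_F)}; assumes Q_O and Q_F are disjoint.
    partition = {b for b in (q_o, q_f, states - (q_o | q_f)) if b}
    refined = True
    while refined:
        refined = False
        for p1, p2, sigma in product(list(partition), list(partition), alphabet):
            r1 = p1 & pre_sigma(trans, sigma, p2)
            if r1 and r1 != p1:               # empty != P1 n Pre_sigma(P2) != P1
                partition.remove(p1)
                partition |= {r1, p1 - r1}    # replace P1 by R1 and R2
                refined = True
                break                         # partition changed: restart the search
    return partition

def is_bisimulation(partition, alphabet, trans):
    """Every block is either contained in or disjoint from each Pre_sigma(P)."""
    return all((p1 & pre_sigma(trans, s, p2)) in (frozenset(), p1)
               for p1, p2, s in product(partition, partition, alphabet))

# Constructed sample system: states 1,2 behave alike, as do 3,4; state 6 loops on "b".
STATES = range(7)
ALPHABET = ("a", "b")
TRANS = {(0, "a", 1), (0, "a", 2), (0, "a", 6), (1, "b", 3),
         (2, "b", 4), (3, "a", 5), (4, "a", 5), (6, "b", 6)}
Q_O, Q_F = {0}, {5}

if __name__ == "__main__":
    for block in sorted(bisimulation(STATES, ALPHABET, TRANS, Q_O, Q_F), key=min):
        print(sorted(block))
```

On a finite state set the loop always terminates, because every refinement step strictly increases the number of blocks.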
Bisimulation Algorithm


Refinement process is therefore decoupled
Consider for each discrete state the finite collection of sets
$A_q = \{I(q), (X_O)_q, (X_F)_q\} \cup \{G(e), R(e) \mid e \in E\}$
Let $S_q$ be a partition compatible with $A_q$
Initialize $X/{\sim} = \bigcup_q S_q$
for each $q \in X_D$
while $\exists P_1, P_2 \in S_q$ such that $\emptyset \ne P_1 \cap \mathrm{Pre}_\tau(P_2) \ne P_1$
define $R_1 = P_1 \cap \mathrm{Pre}_\tau(P_2)$; $R_2 = P_1 \setminus \mathrm{Pre}_\tau(P_2)$
refine $S_q = (S_q \setminus \{P_1\}) \cup \{R_1, R_2\}$
end while; end for
Algorithm must terminate for each discrete location
Computability & Finiteness

Decidability requires the bisimulation algorithm to
– Terminate in finite number of steps and
– Be computable
For the bisimulation algorithm to be computable we need to
– Represent sets symbolically,
– Perform boolean combinations on sets
– Check emptiness of a set,
– Compute Pre(P) of a set P
Class of sets and vector fields must be topologically simple
– Set operations must not produce pathological sets
– Sets must have desirable finiteness properties
O-Minimal Theories
A definable set is $\{(x_1, \ldots, x_n) \in \mathbb{R}^n \mid \varphi(x_1, \ldots, x_n)\}$
A theory of the reals is called o-minimal if every definable
subset of the reals is a finite union of points and intervals
Example: $\{x \in \mathbb{R} \mid p(x) > 0\}$ for polynomial $p(x)$
Recent o-minimal theories
$(\mathbb{R}, <, +, 0, 1)$: Semilinear Sets
$(\mathbb{R}, <, +, \times, 0, 1)$: Semialgebraic Sets
$(\mathbb{R}, <, +, \times, e^x, 0, 1)$: Exponential Flows
$(\mathbb{R}, <, +, \times, \{\hat{f}\}, 0, 1)$: Subanalytic Sets (bounded)
$(\mathbb{R}, <, +, \times, \{\hat{f}\}, e^x, 0, 1)$: Exponential flows
Spirals ???
O-Minimal Hybrid Systems
A hybrid system H is said to be o-minimal if
• the continuous state lives in $\mathbb{R}^n$
• For each discrete state, the flow of the vector field is
complete
• For each discrete state, all relevant sets and the flow of
the vector field are definable in the same o-minimal
theory
Main Theorem
Every o-minimal hybrid system admits a finite bisimulation.


Bisimulation alg. terminates for o-minimal hybrid systems
Various corollaries for each o-minimal theory
Controlled Invariance Problem

Discrete Time System: collection H = (X, V, Init, f)
– X: set of state variables
– V = (U, D): set of input and disturbance variables
– Init: set of initial states
– $f : X \times V \to 2^X$: reset relation
Controlled Invariance Problem: Given a discrete time system H,
and a set $F \subseteq X$, compute W, the maximal controlled invariant
subset of F, and g(x), the least restrictive controller
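The problem stated above, solved by fixed-point iteration on a finite set F, as an added example that is not part of the original slides. The function names and the scalar sample system x+ = 2x + u + d are constructed, and the iteration assumes the usual game semantics in which the control must keep every successor inside the set for every disturbance.

```python
def pre_ctrl(W, U, D, f):
    """States of W where some control keeps every successor in W for all disturbances."""
    return {x for x in W if any(all(f(x, u, d) <= W for d in D) for u in U)}

def controlled_invariant(F, U, D, f):
    """Return (W, g, history): maximal controlled invariant subset of F,
    least restrictive controller g, and the successive iterates starting at F."""
    W, history = set(F), [set(F)]
    while True:
        nxt = pre_ctrl(W, U, D, f)
        if nxt == W:              # fixed point reached
            break
        W = nxt
        history.append(W)

    def g(x):
        # Inside W: every control that keeps the state in W; outside W: no restriction.
        if x not in W:
            return set(U)
        return {u for u in U if all(f(x, u, d) <= W for d in D)}

    return W, g, history

# Constructed sample: unstable integer dynamics, bounded control and disturbance.
U = {-2, -1, 0, 1, 2}
D = {-1, 0, 1}
F = set(range(-4, 5))

def f(x, u, d):
    """Reset relation X x V -> 2^X; here each successor set is a singleton."""
    return {2 * x + u + d}

if __name__ == "__main__":
    W, g, history = controlled_invariant(F, U, D, f)
    print("iterates:", [sorted(w) for w in history])
    print("controller on W:", {x: sorted(g(x)) for x in sorted(W)})
```

Because F is finite and each iterate is a strict subset of the previous one, the loop terminates; the sets are stored explicitly, so they need not be convex or connected.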
Controlled Invariance Algorithm
initializa tion W 0  F , W 1  X, l  0
while
W
W
l 1
l 1
    do
 Pre W    x  W
W
l C
l
l
 
| u  U d  D, f ( x, u , d )  Wˆ
l  l 1
end while
set
Wˆ  W l
l 0

 
 u  U | d  D f ( x, u , d )  Wˆ
gˆ ( x)  
U
C


x  Wˆ
x  Wˆ
C


Implementation for Linear DTS



X = n, U = {u|Eu}, D = {d|Gd}, f = {Ax+Bu+Cd},
F = {x|Mx}.
Pre(Wl) = {x | l(x)}
l(x) = u d | [Mlxl]c[Eu]
[(Gd>)(MlAx+MlBu+MlCd l)]
Implementation
– Quantifier Elimination on d: Linear Programming
– Quantifier Elimination on u: Linear Algebra
– Emptiness: Linear Programming
– Redundancy: Linear Programming
Implementation for Linear DTS

Q.E. on d:
[(Gd>)(MlAx+MlBu+MlCd  l)] 
[MlAx+MlBu+max{MlCd | Gd}l)]

Q.E. on u:
[Eu]  [MlAx+MlBu+(MlC)  l)] 
[l(MlAx+(MlC))  ll]
where lMlB=0, lE=0, l0,
l0

Emptiness
min{t | M`x  `+(1...1)Tt} > 0
M` = [Ml ; lMlA]

Redundancy
and
where
` = [l ; l(l -(MlC))]
max{miT x | M`x  `}  i`
Decidability Results for Algorithm
The controlled invariant set calculation problem is
– Semi-decidable in general.
– Decidable when F is a rectangle, and A,b is in controllable
canonical form for single input single disturbance.
Extensions:
Hybrid systems with continuous state evolving according to
discrete time dynamics: difficulties arise because sets may not
be convex or connected.
There are other classes of decidable systems which need to be
identified.
Example 1
2 states, 1 input, 1 disturbance, 4 constraints
Converges in 2 iterations
[Figure: plots for Iteration 1 and Iteration 2]
Example 2
2 states, 1 input, 1 disturbance, 4 constraints
converges in an infinite number of iterations
[Figure: plots for Iteration 1, Iteration 2 and Iteration 3]