Domitilla Del Vecchio University of Michigan, EECS MIT, MechE

1. Guaranteeing Safety in Semi-autonomous Robotic Systems: A Formal Approach through Hybrid Systems with Hidden Modes Domitilla Del Vecchio University of Michigan, EECS MIT, MechE ICRA 2010, Workshop on Formal Methods TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAAAAA

2. Some of Today’s Networked Robotic Systems Cooperative Active Safety Systems Imperfect Information: From poor/intermittent sensory measurements or missing communication; Presence of Humans: both “in the loop” and “out of the loop” Complexity: from interaction between continuous dynamics and logic, imperfect information, large state spaces… Warfare Systems Despite these challenges, these systems must be safeby design! How do we perform Formal design with humans “out of the loop”?

3. Example: Cooperative Active Safety Cooperative Active Safety Systems Worst-case approach: Too Conservative! run out cruise brake Hybrid System with Hidden Modes (HSHM) Safety Control Problem for Hybrid Systems with Hidden Modes For details on modeling human decision making through hybrid systems: Del Vecchio et al. IFAC 2002, Automatica 2003, Walton et al. ICRA 2004

4. Available Results from the Literature • When the state is measured, safety control for hybrid systems has been addressed by several researchers: within an optimal control approach (Tomlin, Pappas, Sastry, Lygeros,…) , within a viability approach (Aubin, Quincampoix, Gao,…),… • When the state is not measured, these results do not apply. • Further, Raskin et al. 2006 showed that for hybrid systems with finite state abstractions, the safety control problem has exponential complexity, while for general classes of nonlinear and hybrid systems it is prohibitive Here:We present a method to tackle safety control for HSHMs We restrict the class of systems to order preserving systems to lighten the complexity arising from the continuous dynamics We show how these results apply to the semi-autonomous vehicle collision avoidance system

5. Outline • Solution of the safety control problem for HSHMs • Computational Techniques • Application to semi-autonomous cooperative active safety systems

6. Safety control problem for HSHMs Problem 1: Compute a dynamic feedback π map from the historyto maintain the state outside C Mode-dependent capture set

7. Translation to a perfect information problem Keeping track of a growing history is prohibitive. Hence, the problem is translated to one with perfect information introducing a state estimate (LaValle, 2006) Prediction-correction estimator State is measured! Problem 2: (1) Compute the Capture set for system (2) Compute a static feedback map to maintain the state outside Solution: One solves Problem 2 and then shows that (equivalence) (For details on equivalence: Verma and Del Vecchio, CDC 2009)

8. Algorithmic procedure to compute the mode-dependent capture sets Algorithm 1 Example: In general:

9. The dynamic control map Contingent cone B Example:

10. Outline • Solution of the safety control problem for HSHMs • Computational Techniques • Application to semi-autonomous cooperative active safety systems

11. Computability Results When does Algorithm 1 terminate? When is each step of Algorithm 1 efficiently computable? If in every mode the dynamics are given by the parallel composition of order preserving systems and B is a box, then “Pre” can be computed with a linear complexity algorithm input order preserving systems input (For details: Hafner and Del Vecchio, CDC2009; Del Vecchio et al, ACC 2009) Piecewise Continuous Thm: If every set of fully connected modes in has a supremum, Algorithm terminates input input (For details: Verma and Del Vecchio, CDC 2009)

12. Computing “Pre” Thm: Easily computed as the input is fixed! B If for each mode :

13. Computing the control map B Must be applied to avoid entering All inputs are allowed

14. Outline • Solution of the safety control problem for HSHMs • Computational Techniques • Application to semi-autonomous cooperative active safety systems

15. Application: A semi-autonomous collision avoidance system Braking Accel This system is order preserving!

16. Application (cont.) Mode estimator slice of slice of

17. C1 • Application: Experimental result Human control station Learning of modes: data from 5 different subjects Human Driven Braking mode Accel mode Autonomous

18. C1 • Application: Experimental result Human Driven Autonomous Thanks to: Matt McCullough, UG CSE Umich

19. C1 Conclusions We proposed formal safety control design for semi-autonomous systems through HSHMs B When the mode is unknown, an equivalent control problem with *perfect information* was solved to obtain the feedback map Human Driven When the dynamics are order preserving, computation burden is dramatically reduced run out cruise brake Autonomous The techniques were applied to a semi-autonomous cooperative active safety system application

20. Current/Future Work Software system development for Implementation and final testing on TOYOTA full scale vehicles and test-track (with Caveney and Caminiti at TTC, Ann Arbor) Extension to complex road configurations and multiple-agent conflict points leveraging discrete-event system theory and solution modules based on partial order structures Extension of the theory of hybrid automata with imperfect mode information to incorporate discrete control inputs: useful for modeling the monitoring/warning/control phases of cooperative active safety systems with human-in-the-loop Open questions: communication delays, stochastic models of human behavior…

21. Acknowledgements Matt McCullough Jeffrey Duperrett Chao Wang Daniel Clark Undergraduate students at University of Michigan Rajeev Verma PhD Student in the Systems Lab at University of Michigan Mike Hafner PhD Student in the Systems Lab at University of Michigan Funding: NSF Career Award # CNS-0642719 NSF Goali Award # CMMI-0854907 TOYOTA