A simulation example of automated aerial refueling is used to illustrate the application of our approach. I. INTRODUCTION. Systems with switched modes of ...
Robust Reach-Avoid Controller Synthesis for Switched Nonlinear Systems Jerry Ding and Claire J. Tomlin Abstract— In this paper, we describe a method to automatically synthesize controllers that provide hard guarantees of safety and target reachability for sampled-data switched systems under bounded continuous disturbances. Techniques from hybrid system verification are used to perform continuous time differential game calculations on each sampling interval. Iterative procedures are given for computing the set of states for which there exists an admissible control policy so that the closed-loop system satisfies the properties of safety and reachability over a finite time horizon. From this computation, we show how to obtain an explicit state feedback policy in the form of multiple reachable sets, and an algorithm is given for using this feedback law in closed-loop control of the switched system. A simulation example of automated aerial refueling is used to illustrate the application of our approach.
I. I NTRODUCTION Systems with switched modes of operation can be found in a wide range of applications, including automotive systems, aircraft control, robotics, and power electronics, among many others [1]–[4]. The overall system exhibits behaviors of both the continuous domain (i.e. continuous state evolution), as well as the discrete domain (i.e. discrete mode switching). The complex interactions between continuous and discrete dynamics pose significant difficulty in terms of both system analysis and control design. Hybrid systems [5] have been proposed as a unified framework for handling simultaneously the design challenges of the discrete and continuous domain. In this paper, we will formulate controller synthesis procedures for an important special case of hybrid systems – switched systems [6], which assume the following form x˙ = fσ (x, u, d)
(1)
where {fq , q ∈ Q} is a family of vector fields, which are bounded and Lipschitz continuous in x, and parametrized by a finite index set Q, describing the discrete modes of the system; σ is the switching signal; u is the continuous control input; and d is the disturbance input. We assume that the continuous state does not jump across discrete transitions, so that the trajectory of (1) is continuous. Furthermore, in order for the inputs to be directly implementable in a sampled data system, we restrict σ and u to be piecewise constant on sampling intervals, with u taking on a finite set of input levels This work is supported by the “MURI - Frameworks and Tools for High Confidence Design of Adaptive, Distributed Embedded Control Systems” project administered by the Air Force Office of Scientific Research (AFOSR) under Grant FA9550-06-1-0312. J. Ding and C.J. Tomlin are with the Department of Electrical Engineering and Computer Sciences, University of California, Berkeley, CA 94720, USA
{jding,tomlin}@EECS.Berkeley.Edu
in each mode q. On the other hand, the disturbance signal d is assumed to be a bounded measurable function of time, and so does not have to be piecewise constant. We will be interested in controlling the state (q, x) of the switched system (1) to some desired target set, while respecting constraints on the input u and the continuous state x, under any realization of the disturbance d. We refer to this problem throughout the paper as the Reach-Avoid problem. Our approach to this problem is from the point of view of reachability analysis. Numerous theoretical and computational tools have been developed in the domain of reachable set based system verification and controller synthesis for hybrid systems, considering system dynamics ranging from timed automata to general linear and nonlinear continuous dynamics [7]–[12]. To address the computational complexity of reachability analysis, methods have also been proposed to construct abstractions of hybrid systems using simulation and bisimulation relations [13]–[15] and then perform system verification and controller synthesis on the abstractions. Although these efforts have found success in open loop verification of properties of hybrid systems, recovering an implementable control law that solves the reach-avoid problem is in general nontrivial. In some special cases, it may be possible to find this control law by analytic calculations [16], or by automatic verification tools [17]. However, there are in general no systematic methods for the synthesis of explicit feedback policies that can be used in closed-loop control of hybrid systems with nonlinear continuous dynamics. This is the question we seek to answer here, under the restriction that: 1) the system is switched, 2) disturbance cannot affect discrete transitions. The controller synthesis method proposed here is based upon the game theoretic hybrid controller design outlined in [16] and [18], with the advantage of being able to handle disturbances, nonlinear continuous dynamics, and possibly nonconvex state constraints. Previous applications of this theory [19]–[21] have included pairwise aircraft conflict resolution, automated highway platooning, and flight envelope protection for aircraft autolander. We extend these efforts by formulating an iterative procedure for computing the explicit set-valued feedback law that can be used in closedloop control of a sampled-data switched system, in the form of multiple reachable sets. It will become evident that this control law is a robust minimum time to reach controller for the switched system. A numerical example will be presented in the context of automated aerial refueling (AAR) for unmanned aerial vehicles (UAVs) [22].
II. S WITCHED S YSTEM M ODEL Following the formalism defined in [16] and [18], we model a switched system as the collection H = (Q, X, Σ, In, Init, f, Inv, R), where • Q = {q1 , q2 , ..., qm } is a finite set of discrete modes n • X ⊆ R is the continuous state space shared by all the discrete modes • Σ is the set of discrete input variables. In the case of a switched system, all discrete transitions are controlled, with the command to switch to mode qi given by σi . • In = U ∪ D is the set of continuous input variables. In mode qi , the control input n ui is assumed o to take Li 2 1 ⊂ R, on a finite discrete range Ui = ui , ui , ..., ui and is piecewise constant on sampling intervals, with sampling period T . The disturbance input di is assumed to be a vector valued measurable function of time with compact range Di ⊂ RMi . We denote the set of possible realizations of di on any sampling interval by Di . • Init is the set of allowable initial conditions (q(0), x(0)). Let the set of forbidden states in mode qi be S given by Ai ⊂ X. Define the avoid set as m AH = i=1 {qi }×Ai . Then we assume Init ⊆ (AH )C , namely the system is initialized in a safe condition. For discussions on reachability, the target set is similarly S defined as RH = qi ∈Q {qi } × Ri . Without loss of ˜ H = RH \AH ). generality, RH ∩ AH = ∅ (if not, take R • f is a vector field describing the evolution of the continuous state in each discrete mode. Specifically, the state trajectory in qi is assumed to be the solution of the ordinary differential equation x˙ = fi (x, ui , di ), x(0) = x0 , where fi is bounded and Lipschitz continuous in x for fixed ui and di . • Inv is a combination of states and inputs for which continuous evolution is allowed (usually used to model autonomous transitions). In the case of a switched system, continuous evolution in mode qi is permitted unless a command σj , j 6= i is issued. • R is a reset relation defining the set of enabled discrete transitions. Discrete transitions are assumed to be only enabled at sampling instants and the continuous state is not reset across discrete transitions. For notational convenience, we will denote by R(q) the set of discrete states one can transition to from q ∈ Q. Remark: The scalar input ui for each mode can be viewed as the parameterization of a feedback law designed for mode qi . For example, a finite library of maneuvers can be used for high level control of autonomous vehicles [2], [3]. One may consider parameterizing the control laws for these maneuvers to obtain a richer set of behaviors, for example varying the velocity, acceleration, or turning rate. III. P ROBLEM F ORMULATION For some finite horizon [kT, N T ), define a control policy which only depends on the state measurements at sampling instants by the sequence πk→N = (µk , µk+1 , µN −1 ) of state feedback maps µj : Q × X → Σ × U from the hybrid state
space Q × X to the control input Sspace Σ × U satisfying µj (q, x) ∈ Z(q), where Z(q) = qi ∈R(q) {σi } × Ui . We denote the set of such admissible control policies by Pk→N . Under a differential game setting, we assume that the disturbance has full knowledge of the control input selected on any sampling interval. Then, a permissible disturbance strategy over the time horizon [kT, N T ) is defined by the sequence γk→N = (νk , νk+1 , νN −1 ) of maps νj : Σ × U → S D , satisfying νj (σi , ui ) ∈ Di . This defines a map i qi ∈Q from the control input space to the set of non-anticipative realizations of the disturbance in each mode on sampling interval [kT, (k+1)T ). We denote the set of such permissible disturbance strategies by Dk→N . With the assumptions on the switched system model as given in section II, and the definitions of admissible control policies and disturbance strategies above, we can now state formally the problem we would like to solve: Problem 1: (Finite Horizon Reach-Avoid) Given a sampled-data switched system H, and the sets RH , AH : 1) compute the set of states E ⊂ Q × X such that for (q0 , x0 ) ∈ E, there exists an admissible control policy π0→N ∈ P0→N so that for any disturbance strategy γ0→N ∈ D0→N , the closed-loop state trajectory (qcl (·), xcl (·)) satisfies (qcl (kT ), xcl (kT )) ∈ RH for some k ∈ {0, 1, . . . , N }, and (qcl (t), xcl (t)) ∈ / AH for all t ∈ [0, kT ]; 2) synthesize a time varying state feedback law F (q, x, k), k = 0, 1, . . . , N − 1 such that for any initial condition (q0 , x0 ) ∈ E, the closedloop trajectory satisfies the above conditions. IV. R EACHABLE S ET C OMPUTATION AND C ONTROLLER S YNTHESIS In this section, we describe procedures for computing the set E, as well as synthesizing the feedback law F . For the discussion in this section, we define the finite horizon reachavoid set from time step k to N by H Ck→N = {(q, x) ∈ Q × X :
∃πk→N ∈ Pk→N , s.t. ∀γk→N ∈ Dk→N , (∃j ∈ {k, k + 1, ..., N } , s.t. (qcl (jT ), xcl (jT )) ∈ RH ) ∧((qcl (t), xcl (t)) ∈ / AH , ∀t ∈ [kT, jT ]) . where (qcl (·), xcl (·)) is the closed-loop trajectory determined by the initial condition (q, x), control policy πk→N , and disturbance strategy γk→N . Intuitively, this is the set of initial conditions that can be controlled into RH within N − k sampling intervals by an admissible control policy, while keeping the system states outside AH at all times, regardless of any permissible disturbance strategy. A. Finite Horizon Reach-Avoid Set Computation As a first step, we define the one step uncontrollable predecessor for qi ∈ Q, uli ∈ Ui , and G ⊂ X as q ,uli
P redi
(G, T ) = {x0 ∈ X : ∃di ∈ Di , ∃t ∈ [0, T ], s.t. x(t) ∈ G}
where x(·) is the solution of the ODE x˙ = fi (x, ui , di ), x(0) = x0 , ui ≡ uli on the sampling interval [0, T ].
Intuitively speaking, this is the set of states for which using a fixed input uli in mode qi , the continuous state can be pushed into the set G within a sampling interval by an admissible disturbance strategy. Under suitable technical conditions given in [23], this set can be computed as the solution of a Hamilton-Jacobi PDE. Specifically, suppose we can define the set G implicitly as the sublevel set of a bounded and Lipschitz continuous function φ0 : X → R, so that G = {x ∈ X, φ0 (x) ≤ 0}
(2)
Furthermore, assume that the vector field fi is bounded and Lipschitz continuous in x, and that the input and disturbance signals obey the conditions given in section II. Let φ : X × [−T, 0] → R be the viscosity solution of the terminal value Hamilton-Jacobi PDE � � �� ∂φ ∂φ + min 0, H x, = 0, φ(x, 0) = φ0 (x) (3) ∂t ∂x where H (x, p) = mindi ∈Di pT fi (x, uli , di ). Then by a special case of the argument presented in [23], q ,ul we have that P redi i (G, T ) = {x ∈ X, φ(x, −T ) ≤ 0}. A numerical toolbox as described in [24] can be used to compute the solution to equation (3). Next, we define the one step controllable predecessor for qi ∈ Q, uli ∈ Ui , and a subset G ⊂ X as qi ,uli
P reu
(G, T ) = {x0 ∈ X : ∀di ∈ Di , x(T ) ∈ G}
where x(·) is the solution of the ODE x˙ = fi (x, ui , di ), x(0) = x0 , ui ≡ uli on the sampling interval [0, T ]. Intuitively speaking, this is the set of states for which using a fixed input uli in mode qi , the continuous state can be pushed into G at the end of the sampling interval regardless of the disturbance strategy. This set can be computed by a slight modification of equation (3). Putting these together, we define the one step reach-avoid operator for qi ∈ Q, uli ∈ Ui , and G1 , G2 ⊂ X as l
RAqi ,ui (G1 , G2 , T ) = {x0 ∈ X : ∀di ∈ Di , (x(T ) ∈ G1 ) ∧ (x(t) ∈ / G2 , ∀t ∈ [0, T ])} where x(·) is the solution of the ODE x˙ = fi (x, ui , di ), x(0) = x0 , ui ≡ uli on the sampling interval [0, T ]. It can be inferred that qi ,uli
RA
(G1 , G2 , T ) =
qi ,ul P reu i (G1 , T )
q ,uli
∩ (P redi
(G2 , T ))C .
We note that for sets with level set representations such as in equation (2), set intersections can be computed by simply taking pointwise maximization of the level set functions. Given G1 , G2 ⊂ X, define RAqi (G1 , G2 , T ) as the set of states for which there exists some input uli in mode qi such that the continuous state can be pushed into G1 at the end of the sampling interval, while avoiding G2 over the entire
sampling interval, under any admissible disturbance strategy. By straightforward reasoning, RAqi (G1 , G2 , T ) =
Ni [
l
RAqi ,ui (G1 , G2 , T ).
l=1
We note that set unions can be computed by taking pointwise minimization of level set functions. For the next step, consider subsets K1 , K2 ⊂ Q × X. Let K1j , K2j denote the component of these sets in mode qj . Define RAR(qi ) (K1 , K2 , T ) as the set of states for which under a permissible switching command σ in mode qi , the continuous state can be pushed into K1 at the end of the sampling interval, while avoiding the set K2 throughout the sampling interval, regardless of the choice of disturbance strategy. It can be inferred that [ RAR(qi ) (K1 , K2 , T ) = RAqj (K1j , K2j , T ). qj ∈R(qi )
Finally we form the one step reach-avoidSoperator for the switched system RAH (K1 , K2 , T ) = qi ∈Q {qi } × RAR(qi ) (K1 , K2 , T ). Now recall the definition of the reach set RH and the avoid set AH . Consider algorithm IV.1 for computing the finite horizon reach-avoid set. Algorithm IV.1 Computation of Exact Finite Horizon ReachAvoid Set Require: RH , AH ⊂ Q × X 1: S0 ⇐ RH 2: for j = 0 to N − k − 1 do 3: Sj+1 ⇐ RAH (Sj , AH , T ) ∪ Sj 4: end for 5: return SN −k The main result of this section is given by the following proposition. Proposition 4.1: The output SN −k of Algorithm IV.1 satH isfies SN −k = Ck→N , k = 0, 1, ..., N − 1. In particular, SN H is the N step finite horizon reach-avoid set C0→N . Proof: The proof proceeds by induction. For the base step, consider the set S1 . From the definition of the algorithm, H S1 = RAH (RH , AH , T ) ∪ RH = CN −1→N H For the inductive step, suppose Cj→N = SN −j , for some j ∈ {1, 2, ..., N − 1}. Then by the induction hypothesis, H H SN −j+1 = RAH (Cj→N , AH , T ) ∪ Cj→N H , then First, take (q, x) ∈ SN −j+1 . If (q, x) ∈ Cj→N H trivially we conclude (q, x) ∈ Cj−1→N . Suppose this is H not the case, then (q, x) ∈ RAH (Cj→N , AH , T ), and so there exists an admissible input pair (σ, u), such that for every d[j−1,j] (·) ∈ Dσ , the one step state trajectory satisfies H (q(jT ), x(jT )) ∈ Cj→N , and (q(t), x(t)) ∈ / AH , ∀t ∈ [(j − 1)T, jT ]. Furthermore, by the property of the set
H H Cj→N , from any initial condition (q(jT ), x(jT )) ∈ Cj→N , there exists a permissible control policy πj→N ∈ Pj→N such that regardless of any admissible disturbance strategy γj→N ∈ Dj→N , the N − j step state trajectory satisfies (q(lT ), x(lT )) ∈ RH , for some l ∈ {j, j + 1, ..., N } and (q(t), x(t)) ∈ / AH , ∀t ∈ [jT, lT ]. Define a control policy by πj−1→N = (µj−1 , πj→N ), where µj−1 is any admissible one step feedback policy that satisfies µj−1 (q, x) = (σ, u). Then clearly, πj−1→N ∈ Pj−1→N and for any choice of γj−1→N ∈ Dj−1→N , the closed-loop state trajectory from (q, x) reaches RH within N − j + 1 steps, while remaining outside AH over the time interval [(j − 1)T, N T ]. Thus, H H (q, x) ∈ Cj−1→N , and so we have that SN −j+1 ⊆ Cj−1→N . C Now take (q, x) ∈ (SN −j+1 ) , then (q, x) ∈ / SN −j = H H Cj→N and (q, x) ∈ / RAH (Cj→N , AH , T ). Thus, for any πj→N ∈ Pj→N , there exists a choice of disturbance strategy γj→N ∈ Dj→N , such that (q, x) is not controllable to RH within N − j time steps, while staying outside of AH . Furthermore, for any admissible input (σ, u), there exists d[j−1,j] (·) ∈ Dσ , such that the one step state trajectory satisfies either (q(t), x(t)) ∈ AH , for some t ∈ [(j − H . Clearly, this implies 1)T, jT ] or (q(jT ), x(jT )) ∈ / Cj→N H H that (q, x) ∈ / Cj−1→N , and so (SN −j+1 )C ⊆ (Cj−1→N )C , H in turn implying Cj−1→N ⊆ SN −j+1 . Combining this with H the previous inclusion, we have that Cj−1→N = SN −j+1 . The result then follows by induction. By the result of this proposition, it is clear that the set E as required by Problem 1 is given by E = SN .
B. Finite Horizon Reach-Avoid Controller Synthesis Suppose we have a finite horizon N , we can perform automated computations using Algorithm IV.1 offline and l retain the sets RAqi ,ui (Sji , Ai , T ) for qiP∈ Q, uli ∈ Ui , and m j = 0, 1, ..., N − 1. There are NR = N ( i=0 Li ) such sets. Now consider a feasible initial condition (q(0), x(0)) ∈ SN . First, we find the smallest index N0 ≤ N such that (q(0), x(0)) ∈ SN0 . Suppose N0 = N , then by the property of the set SN , ∃qj ∈ R(q(0)), and ∃ulj ∈ Uj , such that l j x(0) ∈ RAqj ,uj (SN Hence, choosing −1 , Aj , T ). (σ(0), u(0)) = (σj , ulj ) as our control input, we ensure that regardless of the choice of disturbance input d[0,1] (·) ∈ Dσ(0) , the one step state trajectory satisfies H (q(T ), x(T )) ∈ SN −1 = C1→N and (q(t), x(t)) ∈ / AH , ∀t ∈ [0, T ]. This procedure can be repeated at each time step until the system state is driven inside RH . Let I = {0, 1, . . . , N − 1}, and let 2Σ×U denote the power set of Σ×U . Then the control policy required by Problem 1 is given by the time-varying, set-valued state feedback law F : Q × X × I → 2Σ×U F (q, x, k) = {(σ 0 , u0 ), σ 0 = qj ∈ R(q), o 0 j x ∈ RAqj ,u (SN , A , T ) . j −1 k
(4)
where Nk ≤ N − k is the smallest index such that (q, x) ∈ SNk . In pseudo-code, this feedback law can be implemented as in Algorithm IV.2.
Algorithm IV.2 Online Implementation of Finite Horizon Reach-Avoid Control Policy Require: (q(0), x(0)) ∈ SN 1: for k = 0 to N − 1 do 2: Measure state (q(kT ), x(kT )) 3: if (q(kT ), x(kT )) ∈ RH then 4: Terminate algorithm 5: else 6: Fk ⇐ ∅ 7: Find smallest Nk ≤ N − k such that (q(kT ), x(kT )) ∈ SNk 8: for all qj ∈ R(q(kT )) and ulj ∈ Uj do l j 9: if x(kT ) ∈ RAqj ,uj (SN , Aj , T ) then k −1 l 10: Add (σj , uj ) to Fk 11: end if 12: end for 13: Apply (σ(kT ), u(kT )) ∈ Fk 14: end if 15: end for Remark: Since Sk is the set of all states that are robustly controllable to RH within N − k time steps using an admissible control control policy, while respecting input and state constraints, it is not difficult to see that F as defined by equation (4) is a robust minimum time to reach control law for every initial condition (q0 , x0 ) ∈ SN . C. Finite Horizon Reach-avoid Example: Automated Aerial Refueling To illustrate the procedure for the algorithms given in this section, we will use the specific example of automated aerial refueling [22]. This scenario arises where unmanned aerial vehicles (UAVs) undertake long range missions, and need to be refueled mid-flight by a human-operated tanker aircraft. The refueling procedure is illustrated in Figure 1. Δw
Target Set for Refueling
Human-Piloted Tanker
5. 3.
4.
δ 2.
1. Human-Operated Boom
6.
7.
Fig. 1.
UAV
Aerial refueling process.
We assume as in [22] that the tanker aircraft and UAV are in level flight throughout the refueling scenario, and that the tanker holds a constant heading, but with small fluctuations in velocity due to environmental disturbances. Then, modeling the dynamics of the tanker and UAV using a planar kinematic model, the relative motion of the UAV in the tanker reference frame can be described by the equation
x˙ 1 −w1 + u1 cos x3 u1 sin x3 x˙ = x˙ 2 = x˙ 3 u2
(5)
where x1 , x2 are the x-y coordinates of the UAV relative to the tanker aircraft, x3 is the heading angle of the UAV relative to the tanker, u1 , w1 are the linear velocities of the UAV and tanker aircraft, and u2 is the angular velocity of the UAV. The graphical representation of this coordinate system is shown in Figure 2. x1
x3 O
x2
u1 u2
MQ-9 Predator B, but other values, while realistic, are not based on known physical constraints. With this in mind, the UAV input bounds are given by [u1 , u1 ] = [40, 113] m/s, with quantization L1 = 3; [u2 , u2 ] = [−π/6, π/6] rad/s, with quantization L2 = 2. The nominal tanker velocity is chosen to be 75% of the maximum UAV velocity, with 5% deviation, [w1 , w1 ] = [80.75, 89.25] m/s. Based upon approximate length and wingspan of the Boeing KC-135 Stratotanker, the protected radius is chosen to be d0 = 30 m. Waypoints 1 and 7 are located at (−20, −34) m; waypoints 2 and 6 are located at (−41, −34) m; waypoints 3 and 5 are located at (−41, −0) m; waypoint 4 is located at (−23, 0) m. The position and heading tolerances around the waypoints are chosen as r0 = 2.5 m and ∆θ = π/18 radians. A reach-avoid calculation is performed using Algorithm IV.1, with sampling interval T = 0.1 seconds, for each of the refueling maneuvers. The reach-avoid set for the Contact maneuver (from waypoint 3 to 4) is shown in Figure 4, computed over a time horizon of 2.1 seconds.
Fig. 2. Relative-coordinate system of kinematic model (5). The origin of the coordinate system is centered on the tanker aircraft.
We model the control of the UAV as a switched nonlinear system defined by the state transition diagram in Figure 3.
Fig. 4. (a)Finite horizon reach-avoid set for Contact maneuver; (b)Crosssection of reach-avoid set at relative angle x3 = 0 degrees.
Fig. 3.
Two mode control system for aerial refueling example.
In mode q1 , the continuous state evolves according to equation (5), with the angular velocity fixed to be u2 = 0, while in mode q2 , the continuous state evolves according to equation (5), with the linear velocity fixed to be u1 = (vmin +vmax )/2, where vmin and vmax are the UAV velocity bounds. Thus, in q1 , we can vary the linear velocity, while in q2 , we can vary the angular velocity. In both discrete states, the avoid set is assumed to be a disk of radius d0 centered on the origin in the relative state space, with a slight dent behind the tanker to allow the UAV to approach the fueloboom. Specifically, A1 = A2 = n p x ∈ X : x21 + x22 ≤ d0 \N , where d0 is the protected radius, and N is a neighborhood of states around the boom location. The target set varies with the location of the waypoint for each maneuver. For manuever j, the target set assumes the form R1j = R2j = B(xjd , r0 ) × [−∆θ, ∆θ], where B(xjd , r0 ) denotes a ball of radius r0 centered on the waypoint xjd in the plane and ∆θ denote the tolerance for heading deviation at the waypoints. In regards to the choice of parameters, the maximum UAV velocity value is based on published specifications for the
The reach-avoid sets for the various refueling maneurvers are backchained using the procedure described in [22]. To validate the controller synthesis procedure, the feedback law is implemented in simulation and the results are given in Figure 5. The corresponding state trajectory in the relative coordinate space is shown in Figure 6. As can be seen, the UAV successfully avoids a collision with the tanker aircraft, regardless of the random fluctuations of tanker velocity, and completes the entire refueling sequence (excluding the time spent refueling) within 7 seconds. For this example, we ran a MATLAB implementation of Algorithm IV.2, and the average computation time for each iteration of the algorithm was found to be approximately 0.15 seconds. However, we believe that this time can be significantly reduced with a more efficient implementation, such as described in [25]. V. F UTURE W ORK Possible directions for future work include extensions to hybrid systems with state dependent transitions and multiple continuous inputs in each discrete mode. When state dependent mode transitions are allowed, the reachable set computation will need to properly account for portions of the reachable set that cross state dependent guard conditions. In terms of multiple inputs, a straightforward extension would be to allow for a quantization of the multi-dimensional
[5] [6] [7] [8] [9]
[10] [11]
[12]
[13]
Fig. 5.
Automated aerial refueling sequence simulation sample run.
[14] [15] [16] [17]
[18] Fig. 6. Refueling sequence trajectory simulation in relative coordinate space: (a)side view; (b)top-down view.
[19] [20]
input space in each mode. However, this approach raises the question of how many quantization levels are needed to appropriately capture the range of behaviors required to accomplish a given control objective.
[21]
[22]
R EFERENCES [1] A. Balluchi, L. Benvenuti, M. di Benedetto, C. Pinello, and A. Sangiovanni-Vincentelli, “Automotive engine control and hybrid systems: challenges and opportunities,” Proceedings of the IEEE, vol. 88, no. 7, pp. 888–912, Jul 2000. [2] R. Fierro, A. Das, V. Kumar, and J. Ostrowski, “Hybrid control of formations of robots,” in Robotics and Automation, 2001. Proceedings 2001 ICRA. IEEE International Conference on, vol. 1, 2001, pp. 157 – 162. [3] E. Frazzoli, M. Dahleh, and E. Feron, “Robust hybrid control for autonomous vehicle motion planning,” in Decision and Control, 2000. Proceedings of the 39th IEEE Conference on, vol. 1, 2000, pp. 821– 826. [4] S. Aimer, H. Fujioka, U. Jonsson, C.-Y. Kao, D. Patino, P. Riedinger, T. Geyer, A. Beccuti, G. Papafotiou, M. Morari, A. Wernrud, and A. Rantzer, “Hybrid control techniques for switched-mode dc-dc
[23]
[24]
[25]
converters Part I: The step-down topology,” in American Control Conference, 2007. ACC ’07, July 2007, pp. 5450 –5457. M. Branicky, V. Borkar, and S. Mitter, “A unified framework for hybrid control: model and optimal control theory,” Automatic Control, IEEE Transactions on, vol. 43, no. 1, pp. 31–45, Jan 1998. D. Liberzon and A. Morse, “Basic problems in stability and design of switched systems,” Control Systems Magazine, IEEE, vol. 19, no. 5, pp. 59 –70, Oct 1999. R. Alur and D. L. Dill, “A theory of timed automata,” Theoretical Computer Science, vol. 126, no. 2, pp. 183 – 235, 1994. T. Henzinger, “The theory of hybrid automata,” in Logic in Computer Science, 1996. LICS ’96. Proceedings., Eleventh Annual IEEE Symposium on, July 1996, pp. 278 –292. E. Asarin, B. Olivier, T. Dang, and O. Maler, “Approximate reachability analysis of piecewise-linear dynamical systems,” in Lecture Notes in Computer Science, Hybrid Systems: Computation and Control, vol. 1790. Berlin, Germany: Springer-Verlag, 2000, pp. 20–31. A. Chutinan and B. H. Krogh, “Computational techniques for hybrid system verification,” Automatic Control, IEEE Transactions on, vol. 48, no. 1, pp. 64–75, Jan 2003. A. B. Kurzhanski and P. Varaiya, “Ellipsoidal techniques for reachability analysis,” in Lecture Notes in Computer Science, Hybrid Systems: Computation and Control, vol. 1790. Berlin, Germany: SpringerVerlag, 2000, pp. 202–214. J.-P. Aubin, J. Lygeros, M. Quincampoix, S. Sastry, and N. Seube, “Impulse differential inclusions: a viability approach to hybrid systems,” Automatic Control, IEEE Transactions on, vol. 47, no. 1, pp. 2 –20, Jan 2002. R. Alur, T. Henzinger, G. Lafferriere, and G. Pappas, “Discrete abstractions of hybrid systems,” Proceedings of the IEEE, vol. 88, no. 7, pp. 971 –984, July 2000. E. Haghverdi, P. Tabuada, and G. J. Pappas, “Bisimulation relations for dynamical, control, and hybrid systems,” Theoretical Computer Science, vol. 342, no. 2-3, pp. 229 – 261, 2005. A. Girard, A. A. Julius, and G. J. Pappas, “Approximate simulation relations for hybrid systems,” Discrete event dynamic systems, vol. 18, no. 2, pp. 163–179, June 2008. J. Lygeros, C. Tomlin, and S. Sastry, “Controllers for reachability specifications for hybrid systems,” Automatica, vol. 35, no. 3, pp. 349 – 370, 1999. E. Asarin, O. Maler, and A. Pnueli, “Symbolic controller synthesis for discrete and timed systems,” in Lecture Notes in Computer Science, Hybrid Systems II, P. Antsaklis, W. Kohn, A. Nerode, and S. Sastry, Eds., vol. 999. Berlin, Germany: Springer-Verlag, 1995, pp. 1–20. C. Tomlin, J. Lygeros, and S. Shankar Sastry, “A game theoretic approach to controller design for hybrid systems,” Proceedings of the IEEE, vol. 88, no. 7, pp. 949 –970, Jul 2000. C. Tomlin, I. Mitchell, and R. Ghosh, “Safety verification of conflict resolution manoeuvres,” Intelligent Transportation Systems, IEEE Transactions on, vol. 2, no. 2, pp. 110–120, Jun 2001. J. Lygeros, D. Godbole, and S. Sastry, “Verified hybrid controllers for automated vehicles,” Automatic Control, IEEE Transactions on, vol. 43, no. 4, pp. 522 –539, Apr 1998. A. Bayen, I. Mitchell, M. Oishi, and C. Tomlin, “Aircraft autolander safety analysis through optimal control-based reach set computation,” Journal of Guidance, Control, and Dynamics, vol. 30, no. 1, pp. 68– 77, January-February 2007. J. Ding, J. Sprinkle, S. S. Sastry, and C. J. Tomlin, “Reachability calculations for automated aerial refueling,” in Decision and Control, 2008. CDC 2008. 47th IEEE Conference on, Dec. 2008, pp. 3706– 3712. I. M. Mitchell, A. M. Bayen, and C. J. Tomlin, “A time-dependent Hamilton-Jacobi formulation of reachable sets for continuous dynamic games,” Automatic Control, IEEE Transactions on, vol. 50, no. 7, pp. 947–957, July 2005. I. M. Mitchell and J. A. Templeton, “A toolbox of Hamilton-Jacobi solvers for analysis of nondeterministic continuous and hybrid systems,” Hybrid Systems Computation and Control, vol. 3414/2005, pp. 480–494, Feb. 2005. J. Sprinkle, A. D. Ames, J. M. Eklund, I. Mitchell, and S. S. Sastry, “Online safety calculations for glideslope recapture,” Innovations in Systems and Software Engineering, vol. 1, no. 2, pp. 157–175, September 2005.
