Reachability Analysis: State of the Art for Various System Classes

Transcription

1 Reachability Analysis: State of the Art for Various System Classes Matthias Althoff Carnegie Mellon University October 19, 2011 Matthias Althoff (CMU) Reachability Analysis October 19, / 16

2 Introduction Safety Verification Using Reachable Sets sample trajectory unsafe set x 2 x 1 initial set reachable set System is safe if no trajectory enters the unsafe set. Matthias Althoff (CMU) Reachability Analysis October 19, / 16

3 Introduction Safety Verification Using Reachable Sets sample trajectory unsafe set x 2 x 1 initial set overapproximated reachable set System is safe if no trajectory enters the unsafe set. Overapproximated system is safe real system is safe. Challenge: Compute tight overapproximations while avoiding the curse of dimensionality. Matthias Althoff (CMU) Reachability Analysis October 19, / 16

4 Introduction Overview of Important System Classes For all system classes we consider uncertain initial states x(0) X, uncertain inputs u(t) U, finite or infinite time horizons (search for invariant set). Cont. var. System class Dynamics (best case) Challenge linear time ẋ = Ax(t) + Bu(t), 1000 none invariant (LTI) LTI with unc. ẋ = Ax(t) + Bu(t), 100 parameter parameters A A dependencies nonlinear ẋ = f(x(t), u(t), p), 100 linearization p: parameter vector errors hybrid hybrid automaton 100 guard intersection Matthias Althoff (CMU) Reachability Analysis October 19, / 16

5 LTI Systems Linear Time Invariant (LTI) Systems Work of Colas Le Guernic and Antoine Girard (2006). ẋ = Ax(t)+Bu(t), x(0) X 0, u(t) U Scalable (O(n 3 ); n: nr of cont. state variables) when using zonotopes or support functions as set representation. More than 1000 state variables in a few minutes. First wrapping-free algorithm for LTI-Systems; wrapping-effect: propagation of overapproximations through successive time steps. with wrapping effect without wrapping effect Matthias Althoff (CMU) Reachability Analysis October 19, / 16

6 LTI Systems Linear Systems with Uncertain Parameters System matrix A is uncertain in a set of matrices A. ẋ = A(t)x(t)+Bu(t), x(0) X 0, u(t) U, A(t) A R n n Different algorithms for constant and time varying system matrix A. No wrapping-free implementation exists. Scalable (O(n 3 )) when using zonotopes as set representation. How to represent uncertainty in parameters? Interval matrices A = [A,A], matrix zonotopes A = {C + κ i=1 β i G i β i [ 1,1], C,G i R n n }, matrix polytopes A = { κ i=1 α iv i V i R n n,α i 0, i α i = 1}. Matthias Althoff (CMU) Reachability Analysis October 19, / 16

7 RLC circuit LTI Systems Example: RLC circuit with 40 states. R driver U in L R L R L I 1 I 2 I η C U 1 C U 2 C U out 1.5 U out in [V] reachable set for interval matrix reachable set for matrix zonotope time t in 10 9 [s] Matthias Althoff (CMU) Reachability Analysis October 19, / 16

8 Nonlinear Systems Nonlinear Systems with Uncertain Parameters General continuous dynamics described by a Lipschitz continuous function: ẋ = f(x(t),u(t),p(t)), x(0) X 0, u(t) U, p(t) P R p Approach is based on linearizing the system dynamics while adding the linearization errors as an additional uncertain input. Scalable when using zonotopes. Two examples: Rollover verification of a truck. Online verification of autonomous car maneuvers. Matthias Althoff (CMU) Reachability Analysis October 19, / 16

9 Sketch of the Truck Nonlinear Systems Φ z x δ β v Φ t,i y Ψ y Matthias Althoff (CMU) Reachability Analysis October 19, / 16

10 Nonlinear Systems Truck Dynamics mv( β + Ψ) m S h Φ = Y β β +Y Ψ (v) Ψ+Y δ δ I xz Φ+Izz Ψ = Nβ β +N Ψ (v) Ψ+N δ δ (I xx +m S h 2 ) Φ I xz Ψ = ms ghφ +m S vh( β + Ψ) k f (Φ Φ t,f ) b f ( Φ Φ t,f ) k r(φ Φ t,r) b r( Φ Φ t,r) r(y β,f β +Y Ψ,f Ψ+Y δ δ) = m u,f v(r h u,f )( β + Ψ)+m u,f gh u,f Φ t,f k t,f Φ t,f +k f (Φ Φ t,f )+b f ( Φ Φ t,f ) r(y β,r β +Y Ψ) Ψ,r = m u,rv(r h u,r)( β + Ψ) m u,rgh u,rφ t,r yaw controller: k t,rφ t,r +k r(φ Φ t,r)+b r( Φ Φ t,r) v = a x. δ = k 1 e +k 2 e(t)dt, e = Ψ d Ψ. v [10,20] m/s [20,30] m/s [30, [ m/s controller k 1 = 0.4 k 1 = 0.5 k 1 = 0.6 gains k 2 = 1.5 k 2 = 2 k 2 = 2.5 Matthias Althoff (CMU) Reachability Analysis October 19, / 16

11 Nonlinear Systems Reachable Set of the Truck x 2 0 x 4 0 x x x 5 x x guard 0.1 set x 7 Matthias Althoff (CMU) Reachability Analysis October 19, / 16

12 Nonlinear Systems Online Verification Of Autonomous Cars reachable set of the center vehicle occupation possible collision Autonomous vehicles cannot perfectly follow planned trajectories due to uncertain initial states, uncertain measurements, disturbances. Consequence: Planned maneuver is safe under perfect conditions, but may become unsafe due to uncertainties. Matthias Althoff (CMU) Reachability Analysis October 19, / 16

13 Nonlinear Systems Verification Of Evasive Maneuver Evasive maneuver due to a pedestrian stepping on the road: pedestrian autonomous vehicle oncoming vehicle reference trajectory Road Occupancy after reachable set computation: y-position [m] pedestrian t = 5 s t = 4 s t = 3 s t = 2 s t = 1 s t = 0 s reference trajectory t = 0 s t = 1 s t = 2 s t = 3 s t = 4 s t = 5 s x-position [m] Computation time in MATLAB on an Intel i7 Processor with 1.6 GHz in 2.24 s Around 2 times faster than maneuver time (5 s). Matthias Althoff (CMU) Reachability Analysis October 19, / 16

14 Hybrid Systems Hybrid Systems Graphical Description: unsafe set reachable set guard sets invariant initial set jump etc. guard sets x 2 x 1 discrete state z 1 discrete state z 2 In addition to continuous systems, the intersection with guard sets is required. Example: Reachability analysis of a powertrain (up to 100 cont. variables). Matthias Althoff (CMU) Reachability Analysis October 19, / 16

15 Model of the Powertrain Hybrid Systems Powertrain with arbitrary number of rotating masses: engine dynamics u k s k 1 k 2 k o T l 2α J m J l J 1 J 2 J o gear Θ s Θ 1 Θ 2 Θ o Θ m Θ l The system is hybrid due to the consideration of backlash. Matthias Althoff (CMU) Reachability Analysis October 19, / 16

16 Hybrid Systems Reachable Set of the Powertrain x R(0) sample traj. guard set x 1 x guard set sample traj. R(0) x 1 Computation times in seconds: dim. n CPU time st guard nd guard Matthias Althoff (CMU) Reachability Analysis October 19, / 16

17 Conclusions Conclusions and Discussion Conclusions: For all considered system classes (linear, nonlinear, hybrid) new techniques make it possible to consider systems beyond academic examples. However: Typical industry systems with several hundred state variables and complex dynamics (hybrid with nonlinear cont. dynamics) are still out of reach. Discussion to further improve scalability: Consider verification in the design process: What are subsystems and sub-specifications of the whole system? Can the system design be slightly changed to the advantage of a much simpler verification? Can simple models represent complex models when adding uncertainty? Matthias Althoff (CMU) Reachability Analysis October 19, / 16