1. Guaranteeing Safety in Semi-autonomous Robotic Systems: A Formal Approach through Hybrid Systems with Hidden Modes Domitilla Del Vecchio University of Michigan, EECS MIT, MechE ICRA 2010, Workshop on Formal Methods TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAA A A A 1

2. Some of Today’s Networked Robotic Systems Cooperative Active Safety Systems Imperfect Information: From poor/intermittent sensory measurements or missing communication; Presence of Humans: both “in the loop” and “out of the loop” Complexity: from interaction between continuous dynamics and logic, imperfect information, large state spaces… 2 Warfare Systems Despite these challenges, these systems must be safe by design! How do we perform Formal design with humans “out of the loop”?

3. Example: Cooperative Active Safety Cooperative Active Safety Systems For details on modeling human decision making through hybrid systems: Del Vecchio et al. IFAC 2002, Automatica 2003, Walton et al. ICRA 2004 cruise run out brake Worst-case approach: Too Conservative! Hybrid System with Hidden Modes (HSHM) Safety Control Problem for Hybrid Systems with Hidden Modes 3

4. Available Results from the Literature When the state is measured, safety control for hybrid systems has been addressed by several researchers: within an optimal control approach (Tomlin, Pappas, Sastry, Lygeros,…), within a viability approach (Aubin, Quincampoix, Gao,…),… When the state is not measured, these results do not apply. Further, Raskin et al. 2006 showed that for hybrid systems with finite state abstractions, the safety control problem has exponential complexity, while for general classes of nonlinear and hybrid systems it is prohibitive Here: We present a method to tackle safety control for HSHMs We restrict the class of systems to order preserving systems to lighten the complexity arising from the continuous dynamics We show how these results apply to the semi-autonomous vehicle collision avoidance system 4

5. Outline Solution of the safety control problem for HSHMs Computational Techniques Application to semi-autonomous cooperative active safety systems 5

6. Safety control problem for HSHMs Problem 1: (1) (2)Compute a dynamic feedback π map from the history to maintain the state outside C Mode-dependent capture set 6

7. Translation to a perfect information problem 7 Solution: One solves Problem 2 and then shows that (equivalence) Prediction-correction estimator Keeping track of a growing history is prohibitive. Hence, the problem is translated to one with perfect information introducing a state estimate (LaValle, 2006) (For details on equivalence: Verma and Del Vecchio, CDC 2009) State is measured! Problem 2: (1) Compute the Capture set for system (2) Compute a static feedback map to maintain the state outside

8. Algorithmic procedure to compute the mode- dependent capture sets 8 Example: Algorithm 1 In general:

9. The dynamic control map B Example: Contingent cone 9

10. Outline Solution of the safety control problem for HSHMs Computational Techniques Application to semi-autonomous cooperative active safety systems 10

11. Computability Results Thm: If every set of fully connected modes in has a supremum, Algorithm terminates (For details: Verma and Del Vecchio, CDC 2009) When does Algorithm 1 terminate? When is each step of Algorithm 1 efficiently computable? If in every mode the dynamics are given by the parallel composition of order preserving systems and B is a box, then “Pre” can be computed with a linear complexity algorithm (For details: Hafner and Del Vecchio, CDC 2009; Del Vecchio et al, ACC 2009) Piecewise Continuous input order preserving systems 11

12. Computing “Pre” B Easily computed as the input is fixed! 12 If for each mode :Thm:

13. Computing the control map B 13 All inputs are allowed Must be applied to avoid entering

14. Outline Solution of the safety control problem for HSHMs Computational Techniques Application to semi-autonomous cooperative active safety systems 14

15. Application: A semi-autonomous collision avoidance system 15 Braking Accel This system is order preserving!

16. 16 Application (cont.) Mode estimator slice of

17. Application: Experimental result Human control station C1 Human Driven Autonomous Learning of modes: data from 5 different subjects Braking mode Accel mode 17

18. 18 Thanks to: Matt McCullough, UG CSE Umich C1 Human Driven Autonomous Application: Experimental result

19. Conclusions We proposed formal safety control design for semi-autonomous systems through HSHMs B When the mode is unknown, an equivalent control problem with *perfect information* was solved to obtain the feedback map The techniques were applied to a semi-autonomous cooperative active safety system application 19 cruise run out brake When the dynamics are order preserving, computation burden is dramatically reduced C1 Human Driven Autonomous

20. Current/Future Work 20 Software system development for Implementation and final testing on TOYOTA full scale vehicles and test-track (with Caveney and Caminiti at TTC, Ann Arbor) Extension to complex road configurations and multiple-agent conflict points leveraging discrete-event system theory and solution modules based on partial order structures Extension of the theory of hybrid automata with imperfect mode information to incorporate discrete control inputs: useful for modeling the monitoring/warning/control phases of cooperative active safety systems with human-in-the-loop Open questions: communication delays, stochastic models of human behavior…

21. Acknowledgements Rajeev Verma PhD Student in the Systems Lab at University of Michigan Mike Hafner PhD Student in the Systems Lab at University of Michigan Matt McCullough Jeffrey Duperrett Chao Wang Daniel Clark Undergraduate students at University of Michigan Funding: NSF Career Award # CNS-0642719 NSF Goali Award # CMMI-0854907 TOYOTA 21