Ultimately 1/12 Simplifying Assumptions Vehicles have positive - - PowerPoint PPT Presentation

Sarah M. Loos and André Platzer Computer Science Department Carnegie Mellon University October, 2011

Safe Intersections:

At the Crossing of Hybrid Systems and Verification

Ultimately…

1/12

Simplifying Assumptions

2/12

• Vehicles have positive velocity
• Accurate sensing
• Instantaneous braking and acceleration
• Time synchronization
• Delay for sensor updates is bounded
• Straight lane dynamics
• Cars represented as points, lanes as lines

Previous Work: Highway Control

3/12

• Verified multilane highway system
• Arbitrary number of cars
• Arbitrary number of lanes
• Proof of safety for distributed control

built from two-car “building blocks.”

Intersection Building Blocks

4/12

Intersection Building Blocks

4/12

Intersection Building Blocks

4/12

Intersection Building Blocks

4/12

Intersection Building Blocks

4/12

Intersection Building Blocks

4/12

Intersection Building Blocks

4/12

Intersection Building Blocks

4/12

This is similar to a merge on the highway.

T-Intersection Building Block

5/12

Intersection Building Blocks

6/12

Intersection Building Blocks

6/12

Intersection Building Blocks

6/12

Intersection Building Blocks

6/12

Straight Lane Building Block

7/12

Di Different ntial Dyna l Dynami mic L Logic*

*

Initial Conditions → [Model] Requirements

*The

he s sho hort v version. n.

8/12

Initial Conditions → [Model] Requirements

Di Different ntial Dyna l Dynami mic L Logic

8/12

Initial Conditions → [Model] Requirements

logical formula logical formula

Di Different ntial Dyna l Dynami mic L Logic

8/12

Initial Conditions → [Model] Requirements

logical formula logical formula

Di Different ntial Dyna l Dynami mic L Logic

8/12

Initial Conditions → [Model] Requirements

logical formula logical formula

Di Different ntial Dyna l Dynami mic L Logic

8/12

Initial Conditions → [Model] Requirements

logical formula logical formula hybrid program

Di Different ntial Dyna l Dynami mic L Logic

8/12

Initial Conditions → [Model] Requirements

logical formula logical formula hybrid program discrete control continuous dynamics

Di Different ntial Dyna l Dynami mic L Logic

8/12

logical formula logical formula hybrid program

→ [(ctrl;dyn)*]

discrete control continuous dynamics

Di Different ntial Dyna l Dynami mic L Logic

8/12

logical formula logical formula hybrid program

→ [(ctrl; x’= v; v’= a)*]

discrete control continuous dynamics

Di Different ntial Dyna l Dynami mic L Logic

8/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

9/12

Single Lane Stoplight

Initial Conditions → [Model] Requirements

To Prove:

h

✔

9/12

Intersection

Initial Conditions → [Model] Requirements

To Prove:

10/12

Intersection

Initial Conditions → [Model] Requirements

To Prove: Cars can stop initially

10/12

Intersection

Initial Conditions → [Model] Requirements

To Prove: Cars can stop initially No collision

10/12

Intersection

Initial Conditions → [Model] Requirements

To Prove:

Cars can stop initially

No collision

10/12

Intersection

Initial Conditions → [Model] Requirements

To Prove:

Cars can stop initially

No collision

10/12

Intersection

Initial Conditions → [Model] Requirements

To Prove:

Cars can stop initially

No collision

10/12

Intersection

Initial Conditions → [Model] Requirements

To Prove:

Cars can stop initially

No collision

10/12

Intersection

Initial Conditions → [Model] Requirements

To Prove:

Cars can stop initially

No collision

10/12

Intersection

Initial Conditions → [Model] Requirements

To Prove:

Cars can stop initially

No collision

10/12

Intersection

Initial Conditions → [Model] Requirements

To Prove:

Cars can stop initially

No collision

h

✔

10/12

Conclusions Future Work

11/12

 Curved road dynamics  Distributed car dynamics  Combinations of merge and cross protocols  Noisy and delayed sensor data  Delayed braking and acceleration reaction  Non-synchronized time  Non-zero car lengths and lane widths

Cha halle lleng nges Solu lutions ns

 Infinite, continuous, and evolving

state space, R∞

 Simulation and testing only

partially prove safety

 Continuous dynamics  Discrete control decisions  Large branching factor

Conclusions

 We give a formal proof for a two-lane

intersection with one car on each lane

 Semi-automated proof generation  Variations in system design  Demonstrated potential for formal

safety verification in car control, even when models have high branching factor

12/12

Conclusions Thank You!

12/12

Conclusions Reference

12/12 The full length paper for this research can be found here: Sarah M. Loos and André Platzer. Safe Intersections: At the Crossing of Hybrid Systems and Verification. In the 14th International IEEE Conference on Intelligent Transportation Systems, ITSC 2011, Washington, D.C., USA, Proceedings, 2011.