Locked-on: verifying controls for aircraft tracking Chun Kai Ling, - - PowerPoint PPT Presentation

Locked-on: verifying controls for aircraft tracking

Chun Kai Ling, Daniel Wong 15-824 Logical Foundations of Cyber-Physical Systems

• f 34

Motivation

• Tracking: Orienting the radar to keep the beam continuously on the aircraft
• Goal: Design a controller for a ground-based aircraft radar to track an aircraft
• Civilian: monitor uncooperative planes (hijacked, trespassing)
• Military: track aircraft for ground-based air defence

2

• f 34

Related work

• Controllers
• Jesurum. In the spotlight. CPS VV Grand Prix, 2017.


(Model incorrect, potentially vacuous)

• Davis, Wise. Safe robot follow-the-leader in the plane, CPS Grand Prix, 2014.

(Weaker assumptions: follower can instantaneously set its velocity)

• Dynamics
• Jeannin, Ghorbal, Kouskoulas, Schmidt, Gardner, Mitsch, Platzer. A formally

verifjed hybrid system for safe advisories in the next-generation airborne collision avoidance system

3

• f 34

Modelling the real world

4

y: altitude x: location on horizon z: straight-line distance from radar to aircraft

• Say z is XX km

We model the (x, y) dimensions

• 747 cruising altitude = 35,000 ft (12 km)
• F-16 optimal combat altitude 30-40,000 ft (9.1-12 km)
• Say y varies by up to 10,000 ft (3 km)

θ1, θ2: radar elevation and bearing

• f 34

Modelling the real world

5

y: altitude x: location on horizon z: straight-line distance from radar to aircraft

• Say z is XX km

We model the (x, y) dimensions

• 747 cruising altitude = 35,000 ft (12 km)
• F-16 optimal combat altitude 30-40,000 ft (9.1-12 km)
• Say y varies by up to 10,000 ft (3 km)

Assumption: z >> y
 (allowing the use of small-angle

• approx. for the controller’s beam)

θ1, θ2: radar elevation and bearing

• f 34

2D model

6

yac: aircraft’s altitude xc: controller’s location (center of radar beam) on horizon xac: aircraft’s location on horizon yc: controller’s altitude Pencil-beam radar R: radius of pencil beam

• f 34

1D model

7

xac: aircraft’s location on horizon Pencil-beam radar R: radius of pencil beam

We will fjrst show the proof for the 1D case, and then how to extend it to 2D

xc: controller’s location (center of radar beam) on horizon

• f 34

Model

• Assumption: we know aircraft’s position, velocity (from Doppler effect)
• Assumption: we model the aircraft as a point mass
• Safety: if the aircraft starts off within the beam and velocity is not too high,


it will remain within the beam
 | xaircraft - xcontroller |< R, radar beam radius

8

• f 34

Simplifjcations

• These assumptions are made for ease of illustration, and may be removed with little

to no trouble

• The target has a velocity of 0 and is not accelerating
• The tracker is initially centered at the target with a velocity v0 > 0

9

• f 34

τ1 T τ2 τ3

Time

v0 v1 v3 v2

VelRcity

τ1 T τ2 τ3

Time

v0 v1 v3 v2

VelRcity

Run 1 Run 2 Run 3

Problem

10

Maximum Reaction Time Actual time at which
 controller takes control

• f tracker

• f 34

τ1 T τ2 τ3

Time

v0 v1 v3 v2

VelRcity

τ1 T τ2 τ3

Time

v0 v1 v3 v2

VelRcity

Run 1 Run 2 Run 3

Problem

11

Maximum Reaction Time Actual time at which
 controller takes control

Goal: bound displacement as duration increases, and when reaction time T is nondeterministic

• f tracker

• f 34

τ3 T τ2 τ5 τ1 τ4

Time

v0, v2, v4 v1, v3, v5 −v0

VelRcity

τ3 T τ2 τ5 τ1 τ4

Time

v0, v2, v4 v1, v3, v5 −v0

VelRcity

5un 1 5un 2 5un 3 5un 4 5un 5 5un 6 DiVplDcement (AreD)

A failed controller

12

Runaway displacement

• f 34

• f 34

[A] A simple controller

• Intuition: pretend that reaction time is exactly T
• Assign acceleration such that velocity = 0 after control cycle
• Set acceleration = -(velocity/T)
• Achieves velocity = 0 after one cycle
• What if reaction time could be less than T?
• 0 is a lower bound on displacement
• What about an upper bound?

13

What if reaction time could be less than T?

• f 34

τ1 T τ3 τ2 τ4

Time

v0 v1 v2 v4 v3

VelRcity

τ1 T τ3 τ2 τ4

Time

v0 v1 v2 v4 v3

VelRcity

Run 1 Run 2 Run 3 Run 4 BRund

Blue curve is exponentially decaying
 → fjnite area under curve Upper bound (in velocity and area) on solid lines

[A] A simple controller

Bound

14 of 34

• f 34

τ1 T τ3 τ2 τ4

Time

v0 v1 v2 v4 v3

VelRcity

τ1 T τ3 τ2 τ4

Time

v0 v1 v2 v4 v3

VelRcity

Run 1 Run 2 Run 3 Run 4 BRund

Blue curve is exponentially decaying
 → fjnite area under curve Upper bound (in velocity and area) on solid lines

[A] A simple controller

Bound

15 of 34

• f 34

τ1 T τ3 τ2 τ4

Time

v0 v1 v2 v4 v3

VelRcity

τ1 T τ3 τ2 τ4

Time

v0 v1 v2 v4 v3

VelRcity

Run 1 Run 2 Run 3 Run 4 BRund

Blue curve is exponentially decaying
 → fjnite area under curve Upper bound (in velocity and area) on solid lines

[A] A simple controller

Bound

16 of 34

• f 34

τ1 T τ3 τ2 τ4

Time

v0 v1 v2 v4 v3

VelRcity

τ1 T τ3 τ2 τ4

Time

v0 v1 v2 v4 v3

VelRcity

Run 1 Run 2 Run 3 Run 4 BRund

Blue curve is exponentially decaying
 → fjnite area under curve Upper bound (in velocity and area) on solid lines

[A] A simple controller

Bound

17 of 34

• f 34

τ1 T τ3 τ2 τ4

Time

v0 v1 v2 v4 v3

VelRcity

τ1 T τ3 τ2 τ4

Time

v0 v1 v2 v4 v3

VelRcity

Run 1 Run 2 Run 3 Run 4 BRund

Blue curve is exponentially decaying
 → fjnite area under curve Upper bound (in velocity and area) on solid lines

[A] A simple controller

Bound

18 of 34

• f 34

T τ4 τ3 τ2 τ1

Time

v0 v3 v1 v2 v4

VelRcity

T τ4 τ3 τ2 τ1

Time

v0 v3 v1 v2 v4

VelRcity

BRund Run 1 Run 2 Run 3 Run 4

[A] also works for known, constant aircraft acceleration

Use relative displacement, velocities and acceleration

Bound Known, constant acceleration

Area between piecewise linear graph and blue line remains bounded

19 of 34

• f 34

T τ4 τ3 τ2 τ1

Time

v0 v3 v1 v2 v4

VelRcity

T τ4 τ3 τ2 τ1

Time

v0 v3 v1 v2 v4

VelRcity

KnRwn CRnVtant Acc Run 1 Run 2 Run 3 Run 4

[A] also works for known, constant aircraft acceleration

Use relative displacement, velocities and acceleration

Bound Known, constant acceleration

Area between piecewise linear graph and blue line remains bounded

20 of 34

• f 34

T τ4 τ3 τ2 τ1

Time

v0 v3 v1 v2 v4

VelRcity

T τ4 τ3 τ2 τ1

Time

v0 v3 v1 v2 v4

VelRcity

KnRwn CRnVtant Acc Run 1 Run 2 Run 3 Run 4

[A] also works for known, constant aircraft acceleration

Use relative displacement, velocities and acceleration

Bound Known, constant acceleration

Area between piecewise linear graph and blue line remains bounded

21 of 34

• f 34

T τ4 τ3 τ2 τ1

Time

v0 v3 v1 v2 v4

VelRcity

T τ4 τ3 τ2 τ1

Time

v0 v3 v1 v2 v4

VelRcity

KnRwn CRnVtant Acc Run 1 Run 2 Run 3 Run 4

[A] also works for known, constant aircraft acceleration

Use relative displacement, velocities and acceleration

Bound Known, constant acceleration

Area between piecewise linear graph and blue line remains bounded

22 of 34

• f 34

T τ4 τ3 τ2 τ1

Time

v0 v3 v1 v2 v4

VelRcity

T τ4 τ3 τ2 τ1

Time

v0 v3 v1 v2 v4

VelRcity

KnRwn CRnVtant Acc Run 1 Run 2 Run 3 Run 4

[A] also works for known, constant aircraft acceleration

Use relative displacement, velocities and acceleration

Bound Known, constant acceleration

Area between piecewise linear graph and blue line remains bounded

23 of 34

• f 34

−v0 v0

Velocity

T 2T 3T

Time DiVplDcement

[B] Another simple controller

• Pretend reaction time is

exactly T

• Select acceleration such that

displacement is unchanged, but sign of velocity is fmipped

• Set acc := - 2 * velocity / T
• Velocity oscillates in sign
• Displacement oscillates

24

Bounded in magnitude

• f 34

v0 −v0 v0 −v0

Velocity-Displacement Space

25

Velocity Displacement

Run 1 Run 2

Start:
 displacement = 0, velocity = v0

• f 34

• f 34

v0 −v0 v0 −v0

Velocity-Displacement Space

25

Velocity Displacement

Run 1 Run 2

Start:
 displacement = 0, velocity = v0

ODE runs until T (maximum reaction time)

• f 34

• f 34

v0 −v0 v0 −v0

Velocity-Displacement Space

25

Velocity Displacement

Run 1 Run 2

Each coloured line is

• ne control cycle

Start:
 displacement = 0, velocity = v0

ODE runs until T (maximum reaction time)

• f 34

• f 34

v0 −v0 v0 −v0

Velocity-Displacement Space

25

Velocity Displacement

Run 1 Run 2

Each coloured line is

• ne control cycle

What happens when actual run time < T?

Start:
 displacement = 0, velocity = v0

ODE runs until T (maximum reaction time)

• f 34

• f 34

v0 −v0 v0 −v0

Run 1 Run 2 Run 3 Run 4

Velocity (v) Displacement (x)

dv dx = 2 T

26 of 34

• f 34

v0 −v0 v0 −v0

Run 1 Run 2 Run 3 Run 4

Velocity (v) Displacement (x)

Curves do not form an outer bound

dv dx = 2 T

26 of 34

• f 34

v0 −v0 v0 −v0

Run 1 Run 2 Run 3 Run 4

Velocity (v) Displacement (x)

Curves do not form an outer bound But the diamonds do! Each has the same aspect ratio with gradient 2/T, independent of v and x

dv dx = 2 T

26 of 34

• f 34

v0 −v0 v0 −v0

Run 1 Run 2 Run 3 Run 4

Velocity (v) Displacement (x)

Curves do not form an outer bound But the diamonds do! Each has the same aspect ratio with gradient 2/T, independent of v and x

dv dx = 2 T

State will never exit the current diamond we are in → bounded displacement!

26 of 34

• f 34

v0 −v0 v0 −v0

Run 1 Run 2 Run 3 Run 4

Velocity (v) Displacement (x)

Curves do not form an outer bound But the diamonds do! Each has the same aspect ratio with gradient 2/T, independent of v and x

dv dx = 2 T

State will never exit the current diamond we are in → bounded displacement! Also serves as loop invariant

26 of 34

• f 34

[C*] A class of controllers

• Previous controllers
• acceleration := - 1 * velocity / T [Type A]
• acceleration := - 2 * velocity / T [Type B]
• Spectrum of controllers given ‘overshoot factor’ 𝛿
• acceleration := - 𝛿 * velocity / T [Type C]

27

Similar arguments prove stability and safety of controllers for 0 < 𝛿 ≤ 2

• f 34

v0 −v0 v0 −v0

Run 1 Run 2 Run 3 Run 4

Assume deterministic reaction time T, 1<𝛿<2

28

Velocity Displacement

Essentially similar to 𝛿 = 2

• f 34

• f 34

v0 −v0 v0 −v0

Run 1 Run 2 Run 3 Run 4

Assume deterministic reaction time T, 1<𝛿<2

28

Velocity Displacement

Essentially similar to 𝛿 = 2

• f 34

• f 34

v0 −v0 v0 −v0

Run 1 Run 2 Run 3 Run 4

0 < 𝛿 < 1

29

Velocity Displacement

Never reaches negative velocity

• f 34

v0 −v0 v0 −v0

Run 1 Run 2 Run 3 Run 4

0 < 𝛿 < 1

29

Velocity Displacement

Never reaches negative velocity

• f 34

Comparison of controllers

30

Sharpness of Bound Oscillations None Possible `Exponentially stable’ Stability

Overdamped Underdamped 𝛿 = ε > 0 𝛿 = 2 Undamped [B] 𝛿 = 1 Critical Damping [A]

• f 34

31

v0 −v0 v0 −v0

BRund Run 1 Run 2 Run 3 Run 4

Velocity Displacement

Varying 𝛿 between cycles

Limited case of nondeterminism

• f 34

2D case

32

y: altitude x: location on horizon

R, radar beam radius R’ safe radius

Independent controller for each axis Bounded by up to a factor of √2

• f 34

Future work

• Nondeterministic acceleration
• Nondeterminism in target acceleration (did not fjnd controller)
• Aircraft may change its acceleration at arbitrary times
• Nondeterminism in acceleration per cycle (did not fjnd controller)
• Equivalent to adding adversarial ‘noise’ in our control
• Varying 𝛿 per cycle (‘almost’ proven)
• We postulate that our class of controllers are not sufficiently expressive


(oblivious to present velocity)

• Higher fjdelity 2D aircraft dynamics → tighter bounds (?)
• e.g., maximum rate of climb bounded by speed of plane,


maximum aircraft acceleration bounded by typical G tolerance

33

• f 34

Summary

• Verifjed a class of controllers using 2 methods
• Identifjed reasonable controllers and associated energy functions
• Applications beyond aircraft tracking
• Tracking of objects in sports (e.g., baseball, soccer)
• Safe driving with cars both ahead and behind

34

Any questions?