Space for Traffic Manoeuvres
Ernst-Rüdiger Olderog, Department of Computing Science, University of Oldenburg
IFIP WG 2.2 Meeting in Bordeaux, September 2017
Outline: Motivation, Model, MLSL, Motorway, Dynamics, Tool Support

The Challenge (2/24)
Prove safety (collision freedom) of traffic manoeuvres on different types of roads:
- motorways [HLOR11] [figure: motorway with cars A to F]
- country roads [HLO13] [figure: country road with cars A, C and E]
- crossings [HS16] [figure: crossing with cars A to F and crossing segments c0 to c3]
Our Approach [HLOR11] (3/24)
Safety is a hybrid system verification problem:
car dynamics + car controllers + assumptions ⊨ safety
Collision freedom is a spatial property. Our approach is based on spatial logic + abstract controllers hiding the car dynamics.
Dedicated Multi-Lane Spatial Logic, inspired by work in ProCoS:
- Moszkowski's interval temporal logic
- Zhou, Hoare and Ravn's Duration Calculus
Model (4/24)
[figure: lanes 0, 1, 2 with cars A to F]
Preliminaries:
- Car identifiers are globally unique: A, B, ...; the set of all car identifiers is I.
- Infinite road (ℝ).
- Lanes: L = {0, ..., N}.
Model (5/24)
[figure: car E with its position pos(E), speed spd(E) and a claim on the neighbouring lane]
A traffic snapshot is a structure T = (pos, spd, res, clm), where
- pos : I → ℝ gives the car positions,
- spd : I → ℝ gives the current speeds,
- res : I → P(L) gives the reserved lanes,
- clm : I → P(L) gives the claimed lanes.
Transitions (6/24)
T −α→ T′ for an action α of one of the following types:
- T −t→ T′ : time passes
- T −c(C, n)→ T′ : claim
- T −wd c(C)→ T′ : withdraw claim
- T −r(C)→ T′ : reserve
- T −wd r(C, n)→ T′ : withdraw reservation
Local View (7/24)
[figure: view of E, a window of lanes and road positions around car E containing cars A, B and D]
A view is V = (L, X, E), where
- L is a subinterval of the lane set L,
- X is a subinterval of ℝ,
- E ∈ I is the identifier of the car under consideration.
MLSL: Syntax (8/24)
Multi-Lane Spatial Logic (basic form)
Car variables: c, d; special variable ego.
Formulae φ:
  φ ::= true | c = d | free | re(c) | cl(c)      (Atoms)
      | φ1 ∧ φ2 | ¬φ1 | ∃c : φ1                   (FOL)
      | φ1 ⌢ φ2 | φ2 / φ1                          (Spatial)
The spatial operators are the horizontal chop φ1 ⌢ φ2 (φ1 holds on a left part of the view, φ2 on the adjoining right part) and the vertical chop, shown on the slide as φ2 stacked above φ1 (φ1 holds on the lower lanes of the view, φ2 on the lanes above).
MLSL: Semantics (9/24)
Somewhere: ⟨φ⟩ ≡ true ⌢ (true / φ / true) ⌢ true
(φ holds on some lanes and some road subinterval of the view, with arbitrary space to the left, right, above and below.)
Example: collision check
[figure: cars E and C on the same lane with overlapping reserved space]
⟨re(ego) ∧ re(c)⟩
cc ≡ ∃c : c ≠ ego ∧ ⟨re(ego) ∧ re(c)⟩
Safety from ego's perspective: ¬cc
Controller (10/24)
- Automotive Controlling Timed Automata (ACTA) with data variables:
  - guards and invariants: MLSL formulae and clock/data constraints,
  - actions: transitions of cars, clock/data updates.
Controller: Sensor Function (11/24)
[figure: view of E showing the size of cars D, E, B and A including their safety envelopes]
The sensor function describes what a car E can see of other cars. We assume perfect knowledge: E sees the full safety envelope.
Controller LCP: Lane Change with Perfect Knowledge (12/24)
Potential collision:
pc ≡ ∃c : c ≠ ego ∧ ⟨cl(ego) ∧ (re(c) ∨ cl(c))⟩
[figure: two four-lane snapshots in which E claims a lane on which C has a reservation or a claim]
States of the LCP automaton:
- q0: driving, no collision (invariant ¬cc)
- q1: claiming the new lane
- q2: checking for potential collisions (invariant x ≤ t_o)
- q3: reserving the new lane and changing lanes (invariant x ≤ t_lc)
- back to q0: withdrawing the reservation of the old lane
Transitions (guard / action; n is the current lane, l the target lane, x a clock):
- q0 → q1: n + 1 ≤ N / c(ego, n + 1); l := n + 1
- q1 → q0: pc / wd c(ego)
- q1 → q2: ¬pc / x := 0
- q2 → q0: pc / wd c(ego)
- q2 → q3: ¬pc / r(ego); x := 0
- q3 → q0: x ≥ t_lc / wd r(ego, l); n := l
Safety of LCP (13/24)
A traffic snapshot is safe if it satisfies
Safe ≡ ∀c, d : c ≠ d ⇒ ¬⟨re(c) ∧ re(d)⟩.
Assumptions:
A1. There is an initial safe traffic snapshot.
A2. Every car E has a distance controller DC keeping
    ¬cc ≡ ¬∃c : c ≠ ego ∧ ⟨re(ego) ∧ re(c)⟩
    invariant under time transitions.
A3. Every car E is equipped with the controller LCP.
Theorem. Under the assumptions A1 to A3, every reachable traffic snapshot is safe.
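The collision check cc, the potential-collision check pc, the Safe predicate and the claim/reserve/withdraw transitions of the slides, worked through in Python as an added example (this is not the authors' tool and not code from the slides). It assumes a discretised reading of a snapshot: each car's safety envelope is the road interval [pos, pos + length] on every lane it has reserved or claimed, the somewhere modality ⟨X(ego) ∧ Y(c)⟩ holds exactly when the two envelopes overlap on a common lane, and the transitions are read as c(C, n) setting clm(C) = {n}, wd c(C) emptying it, r(C) moving the claim into res(C), and wd r(C, n) leaving only lane n reserved. Time transitions, clocks and the distance controller DC are left out, so positions stay fixed; the names Car, Snapshot, lane_change and scenario and the sample positions are ours.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Car:
    """One car of a traffic snapshot (pos, spd, res, clm as on the slides).
    `length` is our assumption: the extent of the car's safety envelope."""
    pos: float
    spd: float
    length: float
    res: Set[int] = field(default_factory=set)   # reserved lanes
    clm: Set[int] = field(default_factory=set)   # claimed lanes


Snapshot = Dict[str, Car]   # globally unique identifier -> car


def _envelopes_overlap(a: Car, b: Car) -> bool:
    """The envelopes [pos, pos + length] share a subinterval of positive length."""
    return a.pos < b.pos + b.length and b.pos < a.pos + a.length


def somewhere(ts: Snapshot, ego: str, c: str,
              lanes_ego: Set[int], lanes_c: Set[int]) -> bool:
    """<X(ego) ∧ Y(c)> under our discretisation: some lane lies in both lane
    sets and some road subinterval lies inside both envelopes."""
    return bool(lanes_ego & lanes_c) and _envelopes_overlap(ts[ego], ts[c])


def cc(ts: Snapshot, ego: str) -> bool:
    """Collision check: ∃c : c ≠ ego ∧ <re(ego) ∧ re(c)>."""
    e = ts[ego]
    return any(somewhere(ts, ego, c, e.res, car.res)
               for c, car in ts.items() if c != ego)


def pc(ts: Snapshot, ego: str) -> bool:
    """Potential collision: ∃c : c ≠ ego ∧ <cl(ego) ∧ (re(c) ∨ cl(c))>."""
    e = ts[ego]
    return any(somewhere(ts, ego, c, e.clm, car.res | car.clm)
               for c, car in ts.items() if c != ego)


def safe(ts: Snapshot) -> bool:
    """Safe ≡ ∀c, d : c ≠ d ⇒ ¬<re(c) ∧ re(d)>, i.e. cc is false for every ego."""
    return not any(cc(ts, ego) for ego in ts)


# Snapshot transitions other than time passing (our reading of the slides).
def claim(ts: Snapshot, car: str, n: int) -> None:                 # c(C, n)
    ts[car].clm = {n}


def withdraw_claim(ts: Snapshot, car: str) -> None:                # wd c(C)
    ts[car].clm = set()


def reserve(ts: Snapshot, car: str) -> None:                       # r(C)
    ts[car].res |= ts[car].clm
    ts[car].clm = set()


def withdraw_reservation(ts: Snapshot, car: str, n: int) -> None:  # wd r(C, n)
    ts[car].res = {n}


def lane_change(ts: Snapshot, ego: str, n: int, N: int) -> Tuple[List[str], bool]:
    """One run of the LCP protocol q0 -> q1 -> q2 -> q3 -> q0 for ego on lane n,
    with the clock steps collapsed. Returns the actions taken and whether Safe
    held after every discrete transition."""
    trace: List[str] = []
    if n + 1 > N:                          # guard of q0 -> q1 fails: no lane above
        return trace, safe(ts)
    claim(ts, ego, n + 1)                  # q0 -> q1: c(ego, n+1); l := n+1
    trace.append("c")
    safe_so_far = safe(ts)
    if pc(ts, ego):                        # q1 -> q0 / q2 -> q0: pc / wd c(ego)
        withdraw_claim(ts, ego)
        trace.append("wd c")
        return trace, safe_so_far and safe(ts)
    reserve(ts, ego)                       # q2 -> q3: ¬pc / r(ego)
    trace.append("r")
    safe_so_far = safe_so_far and safe(ts)
    withdraw_reservation(ts, ego, n + 1)   # q3 -> q0: wd r(ego, l); n := l
    trace.append("wd r")
    return trace, safe_so_far and safe(ts)


def scenario(c_pos: float) -> Tuple[Tuple[List[str], bool], Snapshot]:
    """Constructed sample: E on lane 0 wants lane 1, on which C drives at c_pos."""
    ts: Snapshot = {
        "E": Car(pos=0.0, spd=25.0, length=12.0, res={0}),
        "C": Car(pos=c_pos, spd=25.0, length=12.0, res={1}),
    }
    return lane_change(ts, "E", n=0, N=2), ts


if __name__ == "__main__":
    print(scenario(5.0)[0])    # C overlaps the claimed lane: claim is withdrawn
    print(scenario(40.0)[0])   # enough space: claim, reserve, change lane
```

With C at position 5 the claim on lane 1 overlaps C's reservation, pc is true and the run ends with wd c; with C at position 40 the run goes through r and wd r and E ends up reserving lane 1 only. In both runs Safe holds after every discrete transition, which is the discrete half of the theorem; the time-transition half is exactly what assumption A2 delegates to the distance controller.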
Linking Spatial and Dynamic Model [ORW17] (14/24)
- Spatial model: MLSL formulae built up from atoms like free, re(c), cl(c).
- Dynamic model: built up from differential equations for the car dynamics and from the sensors and actuators of the cars.
Concrete Dynamic Model (15/24)
[figure: car E follows car C at distance d_1 with speeds v_E and v_C; safety distance d_s]
Differential equations of the motion of car E:
$\dot d_1(t) = v_C(t) - v_E(t)$
$\dot v_E(t) = -a(d_1(t), v_C(t))\, v_E(t)^2 + u(t)$,
where $u(t) \in [\underline{u}, \overline{u}]$ and a is an auxiliary function.
The safety distance d_s of car E with initial velocity $v_E^0$ can be calculated from these equations.
Linking: Distance Controller DC (16/24)
DC keeps "no collision"
¬cc ≡ ¬∃c : c ≠ ego ∧ ⟨re(ego) ∧ re(c)⟩
invariant under time transitions. "No collision" is symmetric:
[figure: C behind E, and E behind C]
"No collision forward":
¬ccf ≡ ¬∃c : c ≠ ego ∧ ⟨re(ego) ∧ re(c)⟩ ∧ ⟨c ahead ego⟩
[figure: E follows C at distance d_1; safety distance d_s]
Linking predicate: ¬ccf ⇐ d_s < d_1.