Safe Controller Synthesis Using Lyapunov-based Barriers for Linear Hybrid Systems with Simplex Architecture

TL;DR

This paper introduces a novel Lyapunov-based barrier method for synthesizing backup safe controllers in hybrid systems, ensuring maximal safety, timely recovery, and efficient switching to optimize resource use.

Contribution

It presents the first approach to design safe controllers that maximize safe regions and guarantee timely recovery with minimal resource consumption in hybrid systems.

Findings

Maximal safe operating regions achieved

Guaranteed timely recovery from unsafe states

Efficient switching policy reduces resource usage

Abstract

Modern cyber-physical systems often have a two-layered design, where the primary controller is AI-enabled or an analytical controller optimising some specific cost function. If the resulting control action is perceived as unsafe, a secondary safety-focused backup controller is activated. The existing backup controller design schemes do not consider a real-time deadline for the course correction of a potentially unsafe system trajectory or constrain maximisation of the safe operating region as a synthesis criterion. This essentially implies an eventual safety guarantee over a small operating region. This paper proposes a novel design method for backup safe controllers (BSCs) that ensure invariance across the largest possible region in the safe state space, along with a guarantee for timely recovery when the system states deviate from their usual behaviour. This is the first work to synthesise safe controllers that ensure maximal safety and timely recovery while aiming at minimal resource usage by switching between BSCs with different execution rates. An online safe controller activation policy is also proposed to switch between BSCs (and the primary optimal controller) to optimise processing bandwidth for control computation. To establish the efficacy of the proposed method, we evaluate the safety and recovery time of the proposed safe controllers, as well as the activation policy, in closed loops with linear hybrid dynamical systems under budgeted bandwidth.