danesabo/PWR-HYBRID-3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
PWR-HYBRID-3/reachability/README.md
Dane Sabo 02a675c152 reachability: first per-mode reach tube and barrier-cert attempt 
Stand up reachability/ with a hand-rolled zonotope propagator for
linear closed-loop systems (reach_linear.m: axis-aligned box hull,
augmented-matrix integration for the disturbance convolution). Use it
in reach_operation.m to discharge the operation-mode safety obligation:
from a +/-0.1 K box on T_avg, under Q_sg in [85%, 100%]*P0, LQR keeps
T_c within 0.03 K of setpoint over 600 s. Safety band is +/-5 K, so
the obligation is satisfied with five orders of margin.

barrier_lyapunov.m attempts the analytic counterpart via a weighted
Lyapunov function. Sweeping the Qbar(T_c) weight, the best quadratic
barrier allows ~33 K deviation on the gamma level set — still outside
the 5 K safety band. This is a fundamental limitation of quadratic
barriers for anisotropic safety specs (thin-slab safe set in a
precursor-heavy state space). Documented in the file: next step for a
tight analytic certificate is SOS polynomial or polytopic barrier,
which need solvers we don't have locally yet.

reach_linear.m started out with a halfwidth-propagation bug (signed
A_step instead of |A_step|); fixed before commit after noticing the
reach envelope exactly matched the initial box on T_c.

Figures saved to docs/figures/. .mat result files gitignored — they
are regenerated in <1s.

Hacker-Split: first end-to-end per-mode reachability artifact.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 12:52:37 -04:00

56 lines
2.0 KiB
Markdown
Raw Blame History

# Reachability
Continuous-mode verification for the PWR_HYBRID_3 hybrid controller.
## Status
**Per-mode only.** Following the compositionality argument in the thesis:
verify each continuous mode separately, let the DRC handle discrete
switching. Current focus: **operation mode** under LQR feedback.
## What's here
- `linearization_at_op.mat` — A, B, B_w and reference point, generated by
`../plant-model/test_linearize.m`.
- `reach_linear.m` — box-zonotope propagation of the closed-loop linear
model under bounded disturbance. Pure MATLAB, no external toolbox.
- `barrier_lyapunov.m` — Lyapunov-ellipsoid barrier certificate for the
closed-loop linear system. Solves a Lyapunov equation, reports the
smallest sub-level set containing the initial set and closed under
the disturbance.
- `reach_operation.m` — end-to-end operation-mode reach: linearize at
x_op, compute LQR gain, propagate zonotope reach set, check against
the `t_avg_in_range` predicate.
- `figures/` — generated plots.
## Running
From MATLAB:
```matlab
cd reachability
reach_operation % computes reach set + plots
barrier_lyapunov % solves Lyapunov, reports invariant ellipsoid
```
## Tool choice
Currently using a hand-rolled zonotope reach because:
- Avoids a ~0.5 GB CORA install for a first-pass result.
- Linear reach with bounded disturbance has a clean analytic form
(matrix exponential on the state, integral of e^(A(t-s))·B_w·w ds
for the disturbance).
- Stays inside MATLAB, which is where the plant model lives.
If we need nonlinear reach (and we will, for non-LQR controllers or
larger reach sets where linearization error matters), the planned
options are CORA (MATLAB) or JuliaReach (port the plant to Julia).
## What this does NOT do yet
- Nonlinear reach for the original P controller on operation.
- Heatup reach (the ramped reference makes x* time-varying — needs
trajectory-LQR or a different formulation).
- Shutdown, scram, initialization reach.
- Hybrid-system level verification (mode switching validity).
Reference in New Issue View Git Blame Copy Permalink