Dane Sabo 02a675c152 reachability: first per-mode reach tube and barrier-cert attempt
Stand up reachability/ with a hand-rolled zonotope propagator for
linear closed-loop systems (reach_linear.m: axis-aligned box hull,
augmented-matrix integration for the disturbance convolution). Use it
in reach_operation.m to discharge the operation-mode safety obligation:
from a +/-0.1 K box on T_avg, under Q_sg in [85%, 100%]*P0, LQR keeps
T_c within 0.03 K of setpoint over 600 s. Safety band is +/-5 K, so
the obligation is satisfied with five orders of margin.

barrier_lyapunov.m attempts the analytic counterpart via a weighted
Lyapunov function. Sweeping the Qbar(T_c) weight, the best quadratic
barrier allows ~33 K deviation on the gamma level set — still outside
the 5 K safety band. This is a fundamental limitation of quadratic
barriers for anisotropic safety specs (thin-slab safe set in a
precursor-heavy state space). Documented in the file: next step for a
tight analytic certificate is SOS polynomial or polytopic barrier,
which need solvers we don't have locally yet.

reach_linear.m started out with a halfwidth-propagation bug (signed
A_step instead of |A_step|); fixed before commit after noticing the
reach envelope exactly matched the initial box on T_c.

Figures saved to docs/figures/. .mat result files gitignored — they
are regenerated in <1s.

Hacker-Split: first end-to-end per-mode reachability artifact.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 12:52:37 -04:00


Reachability

Continuous-mode verification for the PWR_HYBRID_3 hybrid controller.

Status

Per-mode only. Following the compositionality argument in the thesis: verify each continuous mode separately, let the DRC handle discrete switching. Current focus: operation mode under LQR feedback.

What's here

  • linearization_at_op.mat — A, B, B_w and reference point, generated by ../plant-model/test_linearize.m.
  • reach_linear.m — box-zonotope propagation of the closed-loop linear model under bounded disturbance. Pure MATLAB, no external toolbox.
  • barrier_lyapunov.m — Lyapunov-ellipsoid barrier certificate for the closed-loop linear system. Solves a Lyapunov equation, reports the smallest sub-level set containing the initial set and closed under the disturbance.
  • reach_operation.m — end-to-end operation-mode reach: linearize at x_op, compute LQR gain, propagate zonotope reach set, check against the t_avg_in_range predicate.
  • figures/ — generated plots.

Running

From MATLAB:

cd reachability
reach_operation     % computes reach set + plots
barrier_lyapunov    % solves Lyapunov, reports invariant ellipsoid

Tool choice

Currently using a hand-rolled zonotope reach because:

  • Avoids a ~0.5 GB CORA install for a first-pass result.
  • Linear reach with bounded disturbance has a clean analytic form (matrix exponential on the state, integral of e^(A(t-s))·B_w·w ds for the disturbance).
  • Stays inside MATLAB, which is where the plant model lives.

If we need nonlinear reach (and we will, for non-LQR controllers or larger reach sets where linearization error matters), the planned options are CORA (MATLAB) or JuliaReach (port the plant to Julia).
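As an added illustration of the box-zonotope step described above (constructed example, not the repository's reach_linear.m), the following MATLAB function takes A_step and the disturbance convolution block from the augmented matrix exponential and propagates an axis-aligned box, with the halfwidth recursion through |A_step| that the commit message's bug fix concerns; the closed-loop matrix, disturbance bound, initial box and safety band are made-up values, not the PWR_HYBRID_3 linearization.

```matlab
function reach = box_reach_demo()
% Added example, not the repository's reach_linear.m: axis-aligned box
% propagation of x' = A_cl*x + B_w*w with |w| <= w_max. A_cl, B_w, the
% initial box, the disturbance bound and the safety band are constructed
% values, not the PWR_HYBRID_3 linearization.
A_cl  = [-1.0, -0.3;  0.2, -2.0];    % constructed stable closed-loop matrix
B_w   = [0.5; -1.0];                 % constructed disturbance input matrix
w_max = 0.1;                         % |w| <= w_max, disturbance box centred at 0
c     = [0.05; 0];                   % initial box centre
h     = [0.1; 0.1];                  % initial halfwidths (+/-0.1 on each state)
band  = 0.5;                         % constructed safety band |x1| <= band
dt    = 0.1;  N = 600;               % 60 s horizon

% Exact discretisation via the augmented matrix: the top-right block of
% expm([A B; 0 0]*dt) is int_0^dt e^{A s} B ds, the disturbance convolution.
% This is exact for w held constant over each step; for arbitrary
% measurable w the conservative choice is int_0^dt |e^{A s} B| ds.
n = size(A_cl, 1);  m = size(B_w, 2);
M = expm([A_cl, B_w; zeros(m, n + m)] * dt);
A_step = M(1:n, 1:n);
G_step = M(1:n, n+1:n+m);

% Box hull per step. The centre maps linearly, but the halfwidth of
% {A x : |x - c| <= h} is |A| h elementwise, so the halfwidth recursion
% must use abs(A_step). Propagating through the signed A_step is the
% bug the commit message describes: halfwidths cancel or go negative.
C = zeros(n, N + 1);  H = zeros(n, N + 1);
C(:, 1) = c;  H(:, 1) = h;
h_bug = h;
for k = 1:N
    c = A_step * c;
    h = abs(A_step) * h + abs(G_step) * w_max;      % correct
    h_bug = A_step * h_bug + G_step * w_max;        % signed (wrong)
    C(:, k + 1) = c;  H(:, k + 1) = h;
end

% Outer envelope over the whole tube, then the safety predicate on x1.
reach.envelope = max(abs(C) + H, [], 2);            % per-state |x| bound
reach.final_c  = c;  reach.final_h = h;
reach.h_signed = h_bug;                             % for comparison only
reach.safe     = reach.envelope(1) <= band;
fprintf('x1 envelope %.4f (band %.2f): %s\n', reach.envelope(1), band, ...
        mat2str(reach.safe));
fprintf('final halfwidths: correct %s, signed %s\n', ...
        mat2str(h.', 4), mat2str(h_bug.', 4));
end
```

Note the box hull's wrapping effect: for oscillatory closed-loop dynamics |A_step| can have spectral radius above 1 even when A_step is stable, so the box tube can grow although the true reach set contracts.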

What this does NOT do yet

  • Nonlinear reach for the original P controller on operation.
  • Heatup reach (the ramped reference makes x* time-varying — needs trajectory-LQR or a different formulation).
  • Shutdown, scram, initialization reach.
  • Hybrid-system level verification (mode switching validity).