User-interfaces for Hybrid Systems: Analysis and Design through Hybrid Reachability

Hybrid systems combine discrete state dynamics, which model the dynamics of mode switching in the system, with continuous state dynamics, which model the physical processes themselves. Human interaction with hybrid systems involves the user, the automation’s discrete mode-logic, and the underlying continuous dynamics of the physical system. Often the user-interface of such systems displays a reduced set of information about the entire system. In safety-critical systems, we wish to identify user-interface designs which do not have adequate information, or which may confuse the user. We present 1) a method of designing a discrete event system abstraction of the hybrid system, in order to analyze, verify, or design user-interfaces for hybrid human-automation systems, and 2) the relationship between user-interfaces and discrete observability properties. Applications of hybrid system theory to automated systems have traditionally assumed that the controller itself is an automaton which runs in parallel with the system under control. We model human interaction with a hybrid system, incorporating the user’s input, the automation’s discrete mode-logic, and the physical system’s nonlinear continuous dynamics. Using a hybrid computational tool for reachability, we find the largest region in which we can guarantee the system can always remain – this is the safe region of operation. By implementing a controller for safety which arises from this computation, we mathematically guarantee that this safe region is invariant. This guarantee holds to the accuracy of the model. Using the computed invariant regions as discrete states, we can abstract a discrete event system from this hybrid system with safety restrictions. This abstraction can be used in existing interface analyses, including existing interface verification and design methods. A user-interface, modeled as a discrete system, must not only be reduced (extraneous information has been eliminated), but also “immediately observable”. We derive conditions for immediate observability, in which the current state can be constructed from the current output and last occurring event. We also show how to synthesize an output for remote