Vehicle automation has progressed from systems that monitor the operation of a vehicle, such as antilock brakes and cruise control, to systems that sense adjacent vehicles, such as emergency braking and intelligent cruise control. The next generation of systems will share sensor readings and collaborate to control braking operations by looking several cars ahead or by creating safe gaps for merging vehicles. Before we allow collaborative systems on public highways we must prove that they will do no harm, even when multiple rare events occur. The events will include loss of communications, failures or inaccuracies of sensors, mechanical failures in the automobile, aggressive drivers who are not participating in the system, and unusual obstacles or events on the roadways. The rules that control the interaction between vehicles is a protocol. There is a large body of work to verify the correctness of communications protocols and test that different implementations of the protocol will interact properly. However, it is difficult to apply these techniques to the protocols for collaborative driving systems because they are much more complex: 1) They interact with the physical world in more ways, through a network of sensors and the physical operation of the automobile as well as the communications channel; 2) They perform time critical operations that use multiple timers; And, 3) they may have more parties participating. In [1] we have verified that a three party protocol that assists a driver who wants to merge between two cars in an adjacent lane will not cause an accident for combinations of rare events. The verification uses a probabilistic sequence testing technique [2] that was developed for communications protocols. We were only able to use the communications technique after designing and specifying the collaborative driving protocol in a particular way. We have generalized the techniques used in the earlier work so that we can design collaborative driving protocols that can be verified. We have 1) a non-layered architecture, 2) a new class of protocols based upon time synchronized participants, and 3) a data management rule. 1) Communications protocols use a layered architecture. Protocol complexity is reduced by using the services provided by a lower layer. The layered architecture is not sufficient for collaborative driving protocols because they operate over multiple physical platforms. Instead, we define a smoke stack architecture that is interconnected. 2) The operation of protocols with multiple timers is more difficult to analyze because there are different sequences of operations depending on the relative times when the timers are initiated. Instead of using timers, we design protocols that use absolute time. This is reasonable because of the accurate time acquired from GPS and the accuracy of current clocks while GPS is not available. 3) Finally, in order for programs in different vehicles to make the same decisions they must use the same data. Our design merges the readings of sensors in different vehicles and uses a communications protocol that guarantees that all vehicles have the same sequence of messages and only use the messages that all vehicles have acquired. 1. Bohyun Kim, N. F. Maxemchuk, "A Safe Driver Assisted Merge Protocol," IEEE Systems Conference 2012, 19-22 Mar. 2012, Vancouver, BC, Canada, pp. 1-4. 2. N. F. Maxemchuk, K. K. Sabnani, "Probabilistic Verification of Communication Protocols," Distributed Computing Journal, Springer Verlag, no. 3, Sept. 1989, pp. 118-129.

The objective of this research is to address fundamental challenges in the verification and analysis of reconfigurable distributed hybrid control systems. These occur frequently whenever control decisions for a continuous plant depend on the actions and state of other participants. They are not supported by verification technology today. The approach advocated here is to develop strictly compositional proof-based verification techniques to close this analytic gap in cyber-physical system design and to overcome scalability issues. This project develops techniques using symbolic invariants for differential equations to address the analytic gap between nonlinear applications and present verification techniques for linear dynamics. This project aims at transformative research changing the scope of systems that can be analyzed. The proposed research develops a compositional proof-based approach to hybrid systems verification in contrast to the dominant automata-based verification approaches. It represents a major improvement addressing the challenges of composition, reconfiguration, and nonlinearity in system models The proposed research has significant applications in the verification of safety-critical properties in next generation cyber-physical systems. This includes distributed car control, robotic swarms, and unmanned aerial vehicle cooperation schemes to full collision avoidance protocols for multiple aircraft. Analysis tools for distributed hybrid systems have a broad range of applications of varying degrees of safety-criticality, validation cost, and operative risk. Analytic techniques that find bugs or ensure correct functioning can save lives and money, and therefore are likely to have substantial economic and societal impact.

The objective of this research is to develop numerical techniques for solving partial differential equations (PDE) that govern information flow in dense wireless networks. Despite the analogy of information flow in these networks to physical phenomena such as thermodynamics and fluid mechanics, many physical and protocol imposed constraints make information flow PDEs unique and different from the observed PDEs in physical phenomena. The approach is to develop a systematic method where a unified framework is capable of optimizing a broad class of objective functions on the information flow in a network of a massive number of nodes. The objective function is defined depending on desired property of the geometric paths of information. This leads to PDEs whose form varies depending on the optimization objective. Finally, numerical techniques will be developed to solve the PDEs in a network setting and in a distributed manner. The intellectual merits of this project are: developing mathematical tools that address a broad range of design objectives in large scale wireless sensor networks under a unified framework; initiating a new field on numerical analysis of information flow in dense wireless networks; and developing design tools for networking problems such as transport capacity, routing, and load balancing. The broader impacts of this research are: helping the development of next generation wireless networks; encouraging involvement of undergraduate students and underrepresented groups, and incorporating the research results into graduate level courses. Additionally, the research is interdisciplinary, bringing together sensor networking, theoretical physics, partial differential equations, and numerical optimization.

The objectives of this research are to design a heterogeneous network of embedded systems so that faults can be quickly detected and isolated and to develop on-line and off-line fault diagnosis and prognosis methods. Our approach is to develop functional dependency models between the failure modes and the concomitant monitoring mechanisms, which form the basis for failure modes, effects and criticality analysis, design for testability, diagnostic inference, and the remaining useful life estimation of (hardware) components. Over the last few years, the electronic explosion in automotive vehicles and other application domains has significantly increased the complexity, heterogeneity, and interconnectedness of embedded systems. To address the cross-subsystem malfunction phenomena in such networked systems, it is essential to develop a common methodology that: (i) identifies the potential failure modes associated with software, hardware, and hardware-software interfaces; (ii) generates functional dependencies between the failure modes and tests; (iii) provides an on-line/off-line diagnosis system; (iv) computes the remaining useful life estimates of components based on the diagnosis; and (iv) validates the diagnostic and prognostic inference methods via fault injection prior to deployment in the field. The development of functional dependency models and diagnostic inference from these models to aid in online and remote diagnosis and prognosis of embedded systems is a potentially novel aspect of this effort. This project seeks to improve the competitiveness of the U.S. automotive industry by enhancing vehicle reliability, performance and safety, and by improving customer satisfaction. Other representative applications include aerospace systems, electrification of transportation, medical equipment, and communication and power networks, to name a few.

The objective of this research is to bring high levels of system reliability and integrity to application domains that cannot afford the cost, power, weight, and size associated with physical redundancy. The approach is to develop complementary monitoring algorithms and novel computing architectures that enable the detection of faults. In particular, there is a significant opportunity to reduce the reliance on physical redundancy by combining model-based and data-driven monitoring techniques. Implementing this approach to fault detection would be difficult with existing software and computing architectures. This motivates the development of a general purpose monitoring framework through monitoring-aware compilers coupled with enhancements to multi-core architectures. The intellectual merit of the project is twofold. First, it has the potential to lead to a novel fault detection approach that blends complementary monitoring algorithms. Second, advances in multi-core processors are leveraged to enable implementation of these fault detection approaches. This addresses key themes in cyber-physical systems by investigating the fundamental issue of fault detection for physical systems and by developing a generic processor architecture for monitoring. With respect to broader impact, project offers the potential for positive influences on industrial practice and education. If successful, the design ideas from this project can be incorporated into low-cost multi-core architectures suitable for embedded systems. The potentially transformative performance improvement offered by this framework could also impact current research in run-time verification and on-line monitoring. The research is to be incorporated into the course "Design, Build, Simulate, Test and Fly Small Uninhabited Aerial Vehicles" for senior undergraduate and first-year graduate students.

The objective of this research is to develop a theory of ActionWebs, that is, networked embedded sensor-rich systems, which are taskable for coordination of multiple decision-makers. The approach is to first identify models of ActionWebs using stochastic hybrid systems, an interlinking of continuous dynamical physical models with discrete state representations of interconnection and computation. Second, algorithms will be designed for tasking individual sensors, based on information objectives for the entire system. Third, algorithms for ActionWebs will be developed using multi-objective control methods for meeting safety and efficiency objectives. Two grand challenge applications for this research are in Intelligent Buildings for optimal heating, ventilation, air conditioning, and lighting based on occupant behavior and external environment; and Air Traffic Control for mobile vehicle platforms with sensor suites for environmental sensing to enable safe, convenient, and energy efficient routing. The intellectual merit of this research stems from a conceptual shift of ActionWebs away from passive information gathering to an action-orientation. This involves: modeling of ActionWebs using stochastic hybrid systems; taskable, multi-modal, and mobile sensor webs; and multi-scale action-perception hierarchies. The broader impact of the research is in two grand challenge national problems: energy efficient air transportation, and energy efficient, high productivity buildings, and will tackle social, privacy, economic, and usability issues. Integrated with the research is a program of coursework development in networked embedded systems, across stove pipes in EECS, Aero-Astro, Civil, and Mechanical Engineering departments. Outreach objectives include new course design at San Jose State University, and recruiting more women researchers.

This objective of this proposal is to improve the management of the air traffic system, a cyber-physical system where the need for a tight connection between the computational algorithms and the physical system is critical to safe, reliable and efficient performance. The approach is based on an adaptive multiagent coordination algorithm with a particular emphasis on the systematic selection of the agents, their actions and the agents' reward functions. The intellectual merit lies in addressing the agent coordination problem in a physical setting by shifting the focus from "how to learn" to "what to learn." This paradigm shift allows a separation between the learning algorithms used by agents, and the reward functions used to tie those learning systems into system performance. By exploring agent reward functions that implicitly model agent interactions based on feedback from the real world, this work aims to build cyber-physical systems where an agent that learns to optimize its own reward leads to the optimization of the system objective function. The broader impact is in providing new air traffic flow management algorithms that will significantly reduce air traffic congestion. The potential impact cannot only be measured in currency ($41B loss in 2007) but in terms of improved experience by all travelers, providing a significant benefit to society. In addition, the PIs will use this project to train graduate and undergraduate students (i) by developing new courses in multiagent learning for transportation systems; and (ii) by providing summer internship opportunities at NASA Ames Research Center.

The objective of this research is to develop technologies to improve the efficiency and safety of the road transportation infrastructure. The approach is to develop location-based vehicular services combining on-board automotive computers, in-car devices, mobile phones, and roadside monitoring/surveillance systems. The resulting vehicular Cyber Physical Systems (CPS) can reduce travel times with smart routing, save fuel and reduce carbon emissions by determining greener routes and commute times, improve safety by detecting road hazards, change driving behavior using smart tolling, and enable measurement-based insurance plans that incentivize good driving. This research develops distributed algorithms for predictive travel delay modeling, feedback-based routing, and road hazard assessment. It develops privacy-preserving protocols for capturing and analyzing data and using it for tasks such as congestion-aware tolling. It also develops a secure macro-tasking software run-time substrate to ensure that algorithms can be programmed centrally without explicitly programming each node separately, while ensuring that it is safe to run third-party code. The research focuses on re-usable methods that can benefit multiple vehicular services, and investigates which lessons learned from this vehicular CPS effort generalize to other situations. Road transportation is a grand challenge problem for modern society, which this research can help overcome. Automobile vendors, component developers, and municipal authorities have all shown interest in deployment. The education plan includes outreach to local K-12 students and a new undergraduate course on transportation from a CPS perspective, which will involve term projects using the data collected in the project

The objective of this research is to study the formal design and verification of advanced vehicle dynamics control systems. The approach is to consider the vehicle-driver-road system as a cyber-physical system (CPS) by focusing on three critical components: (i) the tire-road interaction; (ii) the driver-vehicle interaction; and (iii) the controller design and validation. Methods for quantifying and estimating the uncertainty of the road friction coefficient by using self-powered wireless sensors embedded in the tire are developed for considering tire-road interaction. Tools for real-time identification of nominal driver behavior and uncertainty bounds by using in-vehicle cameras and body wireless sensors are developed for considering driver-vehicle interaction. A predictive hybrid supervisory control scheme will guarantee that the vehicle performs safely for all possible uncertainty levels. In particular, for controller design and validation, the CPS autonomy level is continuously adapted as a function of human and environment conditions and their uncertainty bounds quantified by considering tire-road and driver-vehicle interaction. High confidence is critical in all human operated and supervised cyber-physical systems. These include environmental monitoring, telesurgery, power networks, and any transportation CPS. When human and environment uncertainty bounds can be predicted, safety can be robustly guaranteed by a proper controller design and validation. This avoids lengthy and expensive trial and error design procedures and drastically increases their confidence level. Graduate, undergraduate and underrepresented engineering students benefit from this project through classroom instruction, involvement in the research and substantial interaction with industrial partners from the fields of tires, vehicle active safety, and wireless sensors.

This objective of this proposal is to improve the management of the air traffic system, a cyber-physical system where the need for a tight connection between the computational algorithms and the physical system is critical to safe, reliable and efficient performance. The approach is based on an adaptive multi-agent coordination algorithm with a particular emphasis on the systematic selection of the agents, their actions and the agents' reward functions. The intellectual merit lies in addressing the agent coordination problem in a physical setting by shifting the focus from ``how to learn" to ``what to learn." This paradigm shift allows a separation between the learning algorithms used by agents, and the reward functions used to tie those learning systems into system performance. By exploring agent reward functions that implicitly model agent interactions based on feedback from the real world, this work aims to build cyber-physical systems where an agent that learns to optimize its own reward leads to the optimization of the system objective function. The broader impact is in providing new air traffic flow management algorithms that will significantly reduce air traffic congestion. The potential impact cannot only be measured in currency ($41B loss in 2007) but in terms of improved experience by all travelers, providing a significant benefit to society. In addition, the PIs will use this project to train graduate and undergraduate students (i) by developing new courses in multi-agent learning for transportation systems; and (ii) by providing summer internship opportunities at NASA Ames Research Center.