Systems with distinct dynamical modes are everywhere in control systems: cars whose gear shifts switch the internal engine dynamics; walking robots, robots that interact with their environment, and docking spacecraft, all of which switch between contact and non-contact dynamics; HVAC systems whose dynamics switch as units in individual rooms are turned on and off; autonomous vehicles whose trajectory planner switches objectives; and networks of collaborating vehicles whose communication lines change, switching the overall group dynamics. While the literature on stabilizing such systems is mature, the literature on keeping them safe (respecting constraints) is less so, especially when mode changes are not tied to particular state locations but are initiated by external events, like communication dropouts or environmental factors.
The fundamental challenge arises because most safety assurances are built on control invariant sets – regions where a system can safely operate in perpetuity – but when the dynamics change, so do the control invariant sets. What once appeared safe can instantaneously become unsafe in a switched system, so we have to build in compatibility requirements between the invariant sets of each mode before we can build safe controllers. This poses not only theoretical challenges but computational ones as well. Imagine a network of 10 drones whose changing communication lines induce switches. That network has 2^45 possible communication structures, and we’d have to find invariant sets that are compatible between each of them… What a nightmare, but that’s what we’ve been working to solve.