Organization and Control of Autonomous Railway Convoys

More documents

Recommendations

Info

AVEC ’08employed to formally prove safety-critical properties.Systems with thousands of elements and dynamicstructural changes as in the RailCab project do not allowthe specification and verification of the whole system.Instead compositional approaches have to be employed,where parts are precisely defined. Each system part isindividually specified and verified with respect to safetyconditions. The compositional approach then guaranteesthat the whole system is safe with respect to the safetyconditions when the system is correctly assembled fromthe base parts.The Mechatronic UML [7] is a modelling languagewhich supports the compositional specification ofstructure and hybrid (continuous/discrete) behaviour.Additionally, the specifications are compositionallychecked by the Uppaal model checker [8] whether theysatisfy safety-critical properties.In addition to previous work on convoys of only 2RailCabs [9], we extended the specifications to supportconvoys consisting of (a fixed number of) N RailCabs.In a convoy, one RailCab is appointed to coordinate theconvoy by periodically distributing reference values tothe other RailCabs for convoy control and dealing withjoining and leaving RailCabs.In [10], we presented a formal specification andcompositional verification approach for collaborationswith an unknown number of participants. We build onthis foundation and derive the software models from it.Fig. 1 shows the structure of the convoy operationpart of three RailCabs, the first one is the coordinator ofthe convoy and, in addition to the coordinatorcomponent, does also contain the component for drivingin a convoy. This component does receive referencevalues. These include how to behave in case of a hazard[9]. The coordinator component of the two othercomponents is currently not active. Both RailCabs alsoreceive periodically reference values for driving in theconvoy.to the coordinator.The coordinator checks whether it is possible (andbeneficial for the convoy) that the additional RailCabjoins the convoy. If that is the case, the coordinatorcomputes new values concerning the maximal velocityand normal and maximal brake forces for each RailCabin the convoy as well as the potential convoy joinposition and velocity for the new RailCab. If the newRailCab agrees with these values, the coordinator relaysthem to all RailCabs in the convoy (including itself).Finally, the coordinator sends brake delay times to allRailCabs which enables a coordinated convoy brakingin case of a hazard.The messages are sent using data link layers whichmask value and omission faults of the employedwireless network [9].Fig. 2a convoyCommunication protocol concerning the use case: JoiningFig. 1Software structure of a convoy of three RailCabsWe identified the following use cases for theconvoy operation: (1) joining a convoy, (2) leaving aconvoy, and (3) changing the coordinator of a convoy.The communication protocols for these use cases mustbe specified for the individual RailCab as well as thecoordinator.The identified use cases are implemented bycommunication protocols between the participants. Fig.2 shows the communication between a single RailCaband an existing convoy of two RailCabs. The singleRailCab sends a request to join a convoy including itsmaximal velocity, and normal and maximal brake forcesThe components’ behaviours are specified inMatlab Stateflow. The generated code is executed onthe rapid prototyping hardware deployed on theRailCab.The negotiation of the parameters for convoy modeis done by evaluating the vehicle properties a motor,n andv max,n :Minn ∈ 1..N (1){ }{ }a motor = a motor,n , { }v = Min , { 1..N}max v max,nn ∈ (2)The defined parameters are binding for all convoyvehicles. The time delay T delay,n is different for eachRailCab. It depends on the vehicle mass m n in relationto the force of the emergency brake system F eb,n (whichis communicated as a eb,n ):T = T + T(3)delay, n+ 1 delay,n ∆ n+1,n∆Tvvn + 1 nn + 1,n = −(4)aeb,n+ 1 aeb,n
AVEC ’083. CONTROL OF LONGITUDINAL DYNAMICSThe longitudinal control of a vehicle requires amodel of the vehicle dynamics and the actuators whichare presented first in this section. With thismathematical description the controller can be designed.3.1 Vehicle DynamicsA mathematical model of the vehicle dynamics ismandatory for the controller design. It includes thedynamic behavior of the electric drive and the vehiclekinematics. The following assumptions for the vehicledynamics are made:• Complete decoupling of longitudinal andlateral dynamics• No slip in longitudinal direction betweenwheels and railThe vehicles represent a moving mass m n with thesecond order dynamics1& xn = ( FM,n− Froll,n− Fdrag,n− Fslope,n) , n ∈ { 1..N}(5)mnwhereas F M,,n represents the motor thrust and F roll , F drag ,F slope are disturbances. Crucial for the longitudinalcontrol are the limitations. The motor thrust for the testvehicles is limited to 1100 N. The vehicle mass of about1250 kg results in a maximal acceleration of 0.8 m/s 2 onplane track sections. The maximum speed is 10 m/s dueto the tight curves on the test track.The roll resistance of railway vehicles is small andcan be approximated here to be less than 30 N. The airresistance is proportional to v 2 . It is less than 50 Nbecause of the low speed of the test vehicles. It isapproximated to be nearly independent of the vehiclespeed when head wind and down wind are alsoconsidered. However, the downhill slope force cannotbe neglected. It constitutes 570 N at the biggest incline.The applied linear motor is a direct drive whichresults in a linear model with the motor voltage U M,n asthe sole input and the vehicle position x n as the singleoutput as shown in Fig. 3.Fig. 3Modeling of a longitudinal dynamics3.2 Control StructureA controller for the longitudinal dynamics has to bedesigned considering the following constraints:• Automatic adaption to the vehicle mass• Desired driving comfortTherefore the control system includes a referencegenerator which considers the vehicle mass m n and thelimits of the acceleration an,max and the jerk r n, max .The feedback of current position and speed ismandatory for the position control (see Fig. 4). Afollow-up control is applied with set point tracingx * *n ' = x n − d n,brake . The braking distance d n,brake iscalculated by the speed v n and the maximal accelerationa n . The acceleration a n depends on the vehicle mass m nand the position x n as well as the gradients of the trackgiven by a digital map.A cascaded control structure has been realized forthe longitudinal control. The cascaded structure allowslimiting the inner control variables. The innermost loopis the motor current control with a superordinated speedcontrol loop. The outermost control loop constitutes aposition control. The time pattern for the control oflongitudinal dynamics is 1 ms. The linear motorprovides a constant traction independent of externalperturbations. Therefore jerk and acceleration limits canbe guaranteed without employing an accelerationcontrol loop.Fig. 4Structure of longitudinal control4. STRUCTURE OF CONVOY CONTROLSYSTEMThe convoy control requires a wireless networkbetween the RailCabs. Consequently, an extension ofthe control system is required as shown in Fig. 5.Fig. 5Structure of the control system4.1 Network Controlled SystemDriving within a distance between vehicles of lessthan a meter requires information from the in frontdriving vehicle as well as from the convoy leader. If acommunication to the leader exists, convoy stability canbe ensured [4] even in case of speed independentreference distances [12]. Additionally early reactions ondisturbances can be achieved [13] when the desiredtrajectory of the leader and its acceleration is known.The absolute position of the vehicles is veryprecisely measured. Therefore, it is used for distancecontrol in addition to the distance information measuredby the distance sensors. However, the transmitted dataalso includes the speed information. Furthermore thedesired trajectory of the leader is transmitted.Fig. 6Communication structureThe leading vehicle communicates its data via
Page 1: AVEC ’08Organization and Control
Page 5 and 6: AVEC ’08This distance also define

Organization and Control of Autonomous Railway Convoys

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?