Protocol design for an automated highway system

A structured use of control, communication and computing technologies in vehicles and in the highway can lead to major increases in highway capacity. Our context is an automated highway system (AHS) in which traffic is organized in platoons of closely spaced vehicles under automatic control. The AHS control tasks are arranged in a three-layer hierarchy. At the top, or link, layer a centralized controller assigns to each vehicle a path through the highway and sets the target size and speed for platoons to reduce congestion. The remaining two layers are distributed among controllers on each vehicle. A vehicle's platoon layer plans its trajectory to conform to its assigned path and to track the target size. The plan consists of a sequence of elementary maneuvers: merge (combines two platoons into one), split (separates one platoon into two), and change lane (enables a single car to change lane). Once the protocol layer determines that a particular maneuver can safely be initiated, it instructs its regulation layer to execute the corresponding precomputed feedback control law which implements the maneuver. This paper focuses on the design of the platoon layer. In order to ensure that it is safe to initiate a maneuver, the platoon layer controller enters into a negotiation with its neighbors. This negotiation is implemented as a protocol—a structured sequence of message exchanges. After a protocol terminates successfully, the movement of the vehicles involved is coordinated and the maneuver can be initiated. A protocol is designed in two stages. In the first stage, the protocol is described as an informal state machine, one machine per vehicle. The informal state machine does not distinguish between actions and conditions referring to the vehicle's environment and those referring to the protocol itself. In the second stage this distinction is enforced and the protocol machines are specified in the formal language COSPAN.
COSPAN software is then used to show that the protocol indeed works correctly. One can now be reasonably confident that, properly implemented, the protocol designed here will work as intended.