Supervisory control for collision avoidance in vehicular networks using discrete event abstractions

Abstract

We consider the problem of controlling a set of vehicles at an intersection, in the presence of uncontrolled vehicles and a bounded disturbance. We begin by discretizing the system in space and time to construct a suitable discrete event system (DES) abstraction, and formally define the problem to be solved as that of constructing a supervisor over the discrete state space that is safe (i.e., collision-free), non-deadlocking (i.e., the vehicles all cross the intersection eventually), and maximally permissive with respect to the chosen discretization. We show how to model the uncontrolled vehicles and the disturbance through uncontrollable events of the DES abstraction. We define two types of relations between systems and their abstraction: state reduction and exact state reduction. We prove that, when the abstraction is a state reduction of a continuous system, then we can obtain a safe, non-deadlocking, and maximally permissive memoryless supervisor. This is obtained by translating safety and non-deadlocking specifications to the abstract domain, synthesizing the supervisor in this domain, and finally translating the supervisor back to the concrete domain. We show that, when the abstraction is an exact state reduction, the resulting supervisor will be maximally permissive among the class of all supervisors, not merely memoryless ones. Finally, we provide a customized algorithm and demonstrate its scalability through simulation.

Appendix: Equations for checking safety

This appendix provides the equations that were used in the simulations of Section 9 for verifying the safety of DES transitions (Part 1), and the equations for the pair-wise capture sets for vehicles that cannot simultaneously be inside the intersection (Part 2).

Part 1: Verifying if \(A_{q, u_{c}}(t) \cap B = \emptyset \) for all t ∈ [0,τ].

In part 1 of this appendix, we prove the equations used for verifying the safety of transitions. As stated in Section 8, there are equations for each pair of vehicles \(i, j \in \mathcal {N}\), and verifying the safety of a DES transition for some initial state \(q \in \tilde {Q}\) and u _c ∈ U _c is done by verifying the corresponding equations for each pair of vehicles. We consider three cases (see Section 3): x _i , x _j ≤ 0, |x _i − x _j | < γ (case 1a), x _i , x _j ≥ 0, |x _i − x _j | < γ (case 1b), and \([-\alpha _{r_{i, 1}} < x_{i} < \alpha _{r_{i, 2}}] \wedge [-\alpha _{r_{j, 1}} < x_{j} < \alpha _{r_{j, 2}}]\) (case 2). The equations for these cases are provided in Props. (5)–(7), respectively. Note that there is no “case 1c” when x _i ≤ 0 and x _j ≥ 0, since the vehicles would then be on different roads.

We begin by defining the set \(A_{q, u_{c}}([0, \tau ]) := \bigcup _{t \in [0, \tau ]}A_{q, u_{c}}(t)\). Because the bad set is defined as a union of sets of linear inequalities, with one set for each pair of vehicles, we verify \(A_{q, u_{c}}([0, \tau ]) \cap B = \emptyset \) by considering each pair of vehicles in turn. For any vehicle \(i \in \mathcal {N}\) and any set P ⊆ X, let π _i (P) denote the projection of P onto the x _i axis. Similarly, for any pair of vehicles \(i, j \in \mathcal {N}\) and a set P ⊆ X, let π _{i, j} (P) denote the projection of P onto the x _i − x _j plane. Also recall the notation \(\underline {v}_{u_{c},i}\) and \(\overline {v}_{u_{c},i}\) defined in Eqs. 39 and 40.

Proposition 4

\((x_{i}, x_{j}) \in \pi _{i,j}(A_{q, u_{c}}([0, \tau ]))\) iff all of the following inequalities hold:

$$\begin{array}{@{}rcl@{}} & & x_{i} > q_{i} - \mu\tau/2 \end{array} $$

(41)

$$\begin{array}{@{}rcl@{}} & & x_{j} > q_{j} - \mu\tau/2 \end{array} $$

(42)

$$\begin{array}{@{}rcl@{}} & & x_{i} \le q_{i} + \mu\tau/2 + \overline{v}_{u_{c},i}\tau \end{array} $$

(43)

$$\begin{array}{@{}rcl@{}} & & x_{j} \le q_{j} + \mu\tau/2 + \overline{v}_{u_{c},j}\tau \end{array} $$

(44)

$$\begin{array}{@{}rcl@{}} & & \overline{v}_{u_{c},i} (x_{j} - q_{j} + \mu\tau/2) - \underline{v}_{u_{c},j} (x_{i} - q_{i} - \mu\tau/2) > 0 \end{array} $$

(45)

$$\begin{array}{@{}rcl@{}} & & \overline{v}_{u_{c},j} (x_{i} - q_{i} + \mu\tau/2) - \underline{v}_{u_{c},i} (x_{j} - q_{j} - \mu\tau/2) > 0 \end{array} $$

(46)

Proof

From Eqs. 39, 40 and the assumption that v _{m i n} + d _{m i n} ≥ μ > 0, we have that \(\pi _{i}(A_{q, u_{c}}(t)) = (q_{i} - \mu \tau /2 + \underline {v}_{u_{c},i}t, q_{i} + \mu \tau /2 + \overline {v}_{u_{c},i}t]\) is an interval whose lower and upper bounds are increasing in time, for every \(i \in \mathcal {N}\). It follows that, for any x _i , the set \(\{t \in \mathbb {R} : x_{i} \in \pi _{i}(A_{q, u_{c}}(t)\}\) will have the form [t _{i, m i n} , t _{i, m a x} ), where \(t_{i, min} := \inf \{t \in \mathbb {R} : x_{i} \in \pi _{i}(A_{q, u_{c}}(t))\}\) and \(t_{i, max} := \sup \{t \in \mathbb {R} : x_{i} \in \pi _{i}(A_{q, u_{c}}(t))\}\) are given by:

$$\begin{array}{@{}rcl@{}} t_{i,min} & = & \frac{x_{i} - q_{i} - \mu\tau/2}{\overline{v}_{u_{c},i}} \end{array} $$

(47)

$$\begin{array}{@{}rcl@{}} t_{i,max} & = & \frac{x_{i} - q_{i} + \mu\tau/2}{\underline{v}_{u_{c},i}} \end{array} $$

(48)

Now define t _{j, m i n} and t _{j, m a x} analogously to t _{i, m i n} and t _{i, m a x} . Then:

$$\begin{array}{@{}rcl@{}} & & \exists t \in [0, \tau] \text{ s.t.} [x_{i} \in \pi_{i}(A_{q, u_{c}}(t))] \wedge [x_{j} \in \pi_{j}(A_{q, u_{c}}(t))]\\ & \Leftrightarrow & [0, \tau] \cap [t_{i,min}, t_{i,max}) \cap [t_{j,min}, t_{j,max}) \neq \emptyset\\ & \Leftrightarrow & \begin{array}{l} [t_{i,max} > 0] \wedge [t_{j,max} > 0] \wedge [t_{i,min} \le \tau] \wedge [t_{j,min} \le \tau]\\ \quad \wedge [t_{j,max} > t_{i,min}] \wedge [t_{i,max} > t_{j,min}] \end{array} \end{array} $$

and these last six inequalities give Eqs. 41–46, in order. □

As stated above, we can check if \(A_{q, u_{c}}([0, \tau ]) \cap B = \emptyset \) by considering each pair of vehicles in turn. There are three types of constraints to consider:

Case 1a: x _i , x _j ≤ 0, |x _i − x _j | < γ.

Lemma 2

Consider any \(\underline {x}_{i}, \overline {x}_{i}, \underline {x}_{j}, \overline {x}_{j} \in \mathbb {R}\) . Then:

$$ \begin{array}{l} \quad (\exists x_{i} \in (\underline{x}_{i}, \overline{x}_{i}])(\exists x_{j} \in (\underline{x}_{j}, \overline{x}_{j}])(x_{i} \le 0 \wedge x_{j} \le 0 \wedge |x_{i} - x_{j}| < \gamma)\\ \Leftrightarrow [\underline{x}_{i} < \overline{x}_{i} \wedge \underline{x}_{i} < 0 \wedge \underline{x}_{j} < \overline{x}_{j} \wedge \underline{x}_{j} < 0 \wedge \underline{x}_{i} - \overline{x}_{j} < \gamma \wedge \underline{x}_{j} - \overline{x}_{i} < \gamma] \end{array} $$

(49)

Proof

(⇒):

$$\begin{array}{@{}rcl@{}} x_{i} \in (\underline{x}_{i}, \overline{x}_{i}] \Rightarrow \underline{x}_{i} < x_{i} \leq \overline{x}_{i} & \Rightarrow & \underline{x}_{i} < \overline{x}_{i}\\ \underline{x}_{i} < x_{i} \wedge x_{i} \le 0 & \Rightarrow & \underline{x}_{i} < 0\\ x_{j} \in (\underline{x}_{j}, \overline{x}_{j}] \Rightarrow \underline{x}_{j} < x_{j} \leq \overline{x}_{j} & \Rightarrow & \underline{x}_{j} < \overline{x}_{j}\\ \underline{x}_{j} < x_{j} \wedge x_{j} \le 0 & \Rightarrow & \underline{x}_{j} < 0\\ x_{i} - x_{j} < \gamma \wedge \underline{x}_{i} < x_{i} \wedge x_{j} \le \overline{x}_{j} & \Rightarrow & \underline{x}_{i} - \overline{x}_{j} < \gamma\\ x_{j} - x_{i} < \gamma \wedge \underline{x}_{j} < x_{j} \wedge x_{i} \le \overline{x}_{i} & \Rightarrow & \underline{x}_{j} - \overline{x}_{i} < \gamma\\ \end{array} $$

(⇐) It cannot be that both \(\underline {x}_{i} - \underline {x}_{j} \geq \gamma \) and \(\underline {x}_{j} - \underline {x}_{i} \geq \gamma \), as this would imply 0 ≥ 2γ>0. Thus, at least one of \(\underline {x}_{i} - \underline {x}_{j} < \gamma \), or \(\underline {x}_{j} - \underline {x}_{i} < \gamma \) holds. If they both hold, we may take \(x_{i} = \underline {x}_{i} + \epsilon \) and \(x_{j} = \underline {x}_{j} + \epsilon \) for some sufficiently small 𝜖>0 and we are done. Suppose without loss of generality then that \(\underline {x}_{i} - \underline {x}_{j} < \gamma \) but \(\underline {x}_{j} - \underline {x}_{i} \geq \gamma \). Let \(\underline {\overline {x}}_{i} = \underline {x}_{j} - \gamma \). Thus, \(\underline {x}_{j} - \underline {\overline {x}}_{i} = \gamma \), \(\underline {\overline {x}}_{i} - \underline {x}_{j} = -\gamma < \gamma \) and \(\underline {\overline {x}}_{i} < 0\) (since \(\underline {x}_{j} < 0\)). We may therefore take \(x_{i} = \underline {\overline {x}}_{i} + 2\epsilon \) and \(x_{j} = \underline {x}_{j} + \epsilon \) for some sufficiently small 𝜖>0 and we are done. □

Proposition 5

The set \(\{(x_{i}, x_{j}) \in \pi _{i,j}(A_{q, u_{c}}([0, \tau ])) : x_{i}, x_{j} \le 0 \wedge |x_{i} - x_{j}| < \gamma \}\) is non-empty iff all of the following inequalities hold:

$$\begin{array}{@{}rcl@{}} & & q_{i} < \mu\tau/2 \end{array} $$

(50)

$$\begin{array}{@{}rcl@{}} & & q_{j} < \mu\tau/2 \end{array} $$

(51)

$$\begin{array}{@{}rcl@{}} & & \underline{v}_{u_{c},j}(q_{i} + \mu\tau/2 + \gamma) - \max\{\overline{v}_{u_{c},i}, \underline{v}_{u_{c},j}\}(q_{j} - \mu\tau/2) > 0 \end{array} $$

(52)

$$\begin{array}{@{}rcl@{}} & & \underline{v}_{u_{c},i}(q_{j} + \mu\tau/2 + \gamma) - \max\{\overline{v}_{u_{c},j}, \underline{v}_{u_{c},i}\}(q_{i} - \mu\tau/2) > 0 \end{array} $$

(53)

$$\begin{array}{@{}rcl@{}} & & [q_{i} + \mu\tau/2 + \gamma + \tau\max\{\overline{v}_{u_{c},i}, \underline{v}_{u_{c},j}\}] - [q_{j} - \mu\tau/2 + \tau\underline{v}_{u_{c},j}] > 0 \end{array} $$

(54)

$$\begin{array}{@{}rcl@{}} & & [q_{j} + \mu\tau/2 + \gamma + \tau\max\{\overline{v}_{u_{c},j}, \underline{v}_{u_{c},i}\}] - [q_{i} - \mu\tau/2 + \tau\underline{v}_{u_{c},i}] > 0 \end{array} $$

(55)

Proof

Let \(\pi _{i}(A_{q, u_{c}}(t)) = (\underline {x}_{i}(t), \overline {x}_{i}(t)]\) and \(\pi _{j}(A_{q, u_{c}}(t)) = (\underline {x}_{j}(t), \overline {x}_{j}(t)]\). By Lemma 2, it is necessary and sufficient to find some t ∈ [0,τ] such that \(\underline {x}_{i}(t) < 0\), \(\underline {x}_{j}(t) < 0\), \(\underline {x}_{i}(t) - \overline {x}_{j}(t) < \gamma \), and \(\underline {x}_{j}(t) - \overline {x}_{i}(t) < \gamma \). Now define t _{i, m a x} , t _{j, m a x} , t _{i − j} , and t _{j − i} by \(\underline {x}_{i}(t_{i,max}) = 0\), \(\underline {x}_{j}(t_{j,max}) = 0\), \(\underline {x}_{i}(t_{i-j}) - \overline {x}_{j}(t_{i-j}) = \gamma \), and \(\underline {x}_{j}(t_{j-i}) - \overline {x}_{i}(t_{j-i}) = \gamma \). These are given by:

$$\begin{array}{@{}rcl@{}} t_{i,max} & = & -\frac{q_{i} - \mu\tau/2}{\underline{v}_{u_{c},i}} \end{array} $$

(56)

$$\begin{array}{@{}rcl@{}} t_{j,max} & = & -\frac{q_{j} - \mu\tau/2}{\underline{v}_{u_{c},j}} \end{array} $$

(57)

$$\begin{array}{@{}rcl@{}} t_{i-j} & = & \frac{(q_{i} - \mu\tau/2) - (q_{j} + \mu\tau/2 + \gamma)}{\overline{v}_{u_{c},j} - \underline{v}_{u_{c},i}} \end{array} $$

(58)

$$\begin{array}{@{}rcl@{}} t_{j-i} & = & \frac{(q_{j} - \mu\tau/2) - (q_{i} + \mu\tau/2 + \gamma)}{\overline{v}_{u_{c},i} - \underline{v}_{u_{c},j}} \end{array} $$

(59)

Obviously, t _{i − j} is only well defined when \(\overline {v}_{u_{c},j} \neq \underline {v}_{u_{c},i}\) and t _{j − i} is only well defined when \(\overline {v}_{u_{c},i} \neq \underline {v}_{u_{c},j}\). Because \(\underline {x}_{i}(t)\) and \(\underline {x}_{j}(t)\) are increasing in time, we have that:

$$\begin{array}{@{}rcl@{}} \underline{x}_{i}(t) < 0 & \Leftrightarrow & t < t_{i,max} \end{array} $$

(60)

$$\begin{array}{@{}rcl@{}} \underline{x}_{j}(t) < 0 & \Leftrightarrow & t < t_{j,max} \end{array} $$

(61)

On the other hand, \(\underline {x}_{i}(t) - \overline {x}_{j}(t)\) is increasing in time if \(\overline {v}_{u_{c},j} < \underline {v}_{u_{c},i}\), decreasing in time if \(\overline {v}_{u_{c},j} > \underline {v}_{u_{c},i}\), and constant if \(\overline {v}_{u_{c},j} = \underline {v}_{u_{c},i}\). It therefore follows that:

$$ \underline{x}_{i}(t) - \overline{x}_{j}(t) < \gamma \Leftrightarrow \left\{\begin{array}{ll} t < t_{i-j}, & \overline{v}_{u_{c},j} < \underline{v}_{u_{c},i}\\ t > t_{i-j}, & \overline{v}_{u_{c},j} > \underline{v}_{u_{c},i}\\ (q_{j} + \mu\tau/2 + \gamma) > (q_{i} - \mu\tau/2), & \overline{v}_{u_{c},j} = \underline{v}_{u_{c},i} \end{array}\right. $$

(62)

Similarly,

$$ \underline{x}_{j}(t) - \overline{x}_{i}(t) < \gamma \Leftrightarrow \left\{\begin{array}{ll} t < t_{j-i}, & \overline{v}_{u_{c},i} < \underline{v}_{u_{c},j}\\ t > t_{j-i}, & \overline{v}_{u_{c},i} > \underline{v}_{u_{c},j}\\ (q_{i} + \mu\tau/2 + \gamma) > (q_{j} - \mu\tau/2), & \overline{v}_{u_{c},i} = \underline{v}_{u_{c},j} \end{array}\right. $$

(63)

This would give nine cases to consider, but three are impossible, since \(\overline {v}_{u_{c},j} < \underline {v}_{u_{c},i} \Rightarrow \underline {v}_{u_{c},j} \leq \overline {v}_{u_{c},j} < \underline {v}_{u_{c},i} \leq \overline {v}_{u_{c},i} \Rightarrow \underline {v}_{u_{c},j} < \overline {v}_{u_{c},i}\) and similarly, \(\overline {v}_{u_{c},i} < \underline {v}_{u_{c},j} \Rightarrow \underline {v}_{u_{c},i} < \overline {v}_{u_{c},j}\). We will consider each of the six remaining cases in turn, but first prove the following claims:

$$\begin{array}{@{}rcl@{}} t_{j-i} < t_{j,max} \wedge t_{i,max} > 0 & \Rightarrow & t_{j-i} < t_{i,max} \end{array} $$

(64)

$$\begin{array}{@{}rcl@{}} t_{i-j} < t_{i,max} \wedge t_{j,max} > 0 & \Rightarrow & t_{i-j} < t_{j,max} \end{array} $$

(65)

$$\begin{array}{@{}rcl@{}} t_{i-j} > 0 \wedge \overline{v}_{u_{c},j} < \underline{v}_{u_{c},i} & \Rightarrow & t_{j-i} < t_{i-j} \end{array} $$

(66)

$$\begin{array}{@{}rcl@{}} t_{j-i} > 0 \wedge \overline{v}_{u_{c},i} < \underline{v}_{u_{c},j} & \Rightarrow & t_{i-j} < t_{j-i} \end{array} $$

(67)

Clearly, Eq. 64 holds if t _{j − i} ≤ 0. If t _{j − i} > 0, then \(\underline {x}_{i}(t_{j-i}) < \overline {x}_{i}(t_{j-i}) = \underline {x}_{j}(t_{j-i}) - \gamma < \underline {x}_{j}(t_{j-i})\). From Eq. 61, we have that \(t_{j-i} < t_{j,max} \Leftrightarrow \underline {x}_{j}(t_{j-i}) < 0\). Hence, \(\underline {x}_{i}(t_{j-i}) < \underline {x}_{j}(t_{j-i}) < 0\) and therefore t _{j − i} < t _{i, m a x} follows from Eq. 60, proving Eq. 64. Equation 65 is proven similarly. To prove Eq. 66, suppose to the contrary that t _{j − i} ≥ t _{i − j} > 0. As before, \(t_{j-i} > 0 \Rightarrow \underline {x}_{i}(t_{j-i}) < \underline {x}_{j}(t_{j-i})\). From \(\overline {v}_{u_{c},j} < \underline {v}_{u_{c},i}\), t _{j − i} ≥ t _{i − j} , and Eq. 62, we have that \(\underline {x}_{i}(t_{j-i}) \geq \overline {x}_{j}(t_{j-i}) + \gamma > \overline {x}_{j}(t_{j-i})\). Thus we have \(\underline {x}_{j}(t_{j-i}) > \underline {x}_{i}(t_{j-i}) > \overline {x}_{j}(t_{j-i})\), which is a contradiction since it cannot be that \(\underline {x}_{j}(t_{j-i}) > \overline {x}_{j}(t_{j-i})\) for t _{j − i} > 0, proving Eq. 66. Equation 67 is proven similarly. We now proceed with the six cases. In what follows, note that Eqs. 52 and 54 both reduce to (q _i + μ τ/2 + γ)>(q _j − μ τ/2) when \(\overline {v}_{u_{c},i} \leq \underline {v}_{u_{c},j}\) and that Eqs. 53 and 55 similarly both reduce to (q _j + μ τ/2 + γ)>(q _i − μ τ/2) when \(\overline {v}_{u_{c},j} \leq \underline {v}_{u_{c},i}\).

Case (i): \(\overline {v}_{u_{c},j} = \underline {v}_{u_{c},i}\) and \(\overline {v}_{u_{c},i} = \underline {v}_{u_{c},j}\).

$$\begin{array}{llr} & \exists t \in [0, \tau] \text{ s.t.} [\underline{x}_{i}(t) < 0] \wedge [\underline{x}_{j}(t) < 0] &\\ & \quad \wedge [\underline{x}_{i}(t) - \overline{x}_{j}(t) < \gamma] \wedge [\underline{x}_{j}(t) - \overline{x}_{i}(t) < \gamma] &\\ \Leftrightarrow & \begin{array}{l} [0, \tau] \cap (-\infty, t_{i,max}) \cap (-\infty, t_{j,max}) \neq \emptyset\\ \quad \wedge [(q_{j} + \mu\tau/2 + \gamma) > (q_{i} - \mu\tau/2)]\\ \quad \wedge [(q_{i} + \mu\tau/2 + \gamma) > (q_{j} - \mu\tau/2)] \end{array} & \text{(Eqs. (60)--(63))}\\ \Leftrightarrow & \begin{array}{l} [0 < t_{i,max}] \wedge [0 < t_{j,max}]\\ \quad \wedge [(q_{j} + \mu\tau/2 + \gamma) > (q_{i} - \mu\tau/2)]\\ \quad \wedge [(q_{i} + \mu\tau/2 + \gamma) > (q_{j} - \mu\tau/2)] \end{array}\\ \Leftrightarrow & [(50)] \wedge [(51)] \wedge [(53) \wedge (55)] \wedge [(52) \wedge (54)] \end{array}$$

Case (ii): \(\overline {v}_{u_{c},j} > \underline {v}_{u_{c},i}\) and \(\overline {v}_{u_{c},i} = \underline {v}_{u_{c},j}\).

$$\begin{array}{llr} & \exists t \in [0, \tau] \text{ s.t.} [\underline{x}_{i}(t) < 0] \wedge [\underline{x}_{j}(t) < 0] &\\ & \quad \wedge [\underline{x}_{i}(t) - \overline{x}_{j}(t) < \gamma] \wedge [\underline{x}_{j}(t) - \overline{x}_{i}(t) < \gamma]\\ \Leftrightarrow & \begin{array}{l} [0, \tau] \cap (-\infty, t_{i,max}) \cap (-\infty, t_{j,max}) \cap (t_{i-j}, \infty) \neq \emptyset\\ \quad \wedge [(q_{i} + \mu\tau/2 + \gamma) > (q_{j} - \mu\tau/2)] \end{array} \hspace*{50pt} \text{(Eqs. (60)--(63))}\\ \Leftrightarrow & \begin{array}{l} [0 < t_{i,max}] \wedge [0 < t_{j,max}] \wedge [t_{i-j} < \tau] \wedge [t_{i-j} < t_{i,max}] \wedge [t_{i-j} < t_{j,max}]\\ \quad \wedge [(q_{i} + \mu\tau/2 + \gamma) > (q_{j} - \mu\tau/2)] \end{array}\\ \Leftrightarrow & \begin{array}{l} [0 < t_{i,max}] \wedge [0 < t_{j,max}] \wedge [t_{i-j} < \tau] \wedge [t_{i-j} < t_{i,max}]\\ \quad \wedge [(q_{i} + \mu\tau/2 + \gamma) > (q_{j} - \mu\tau/2)] \end{array} \hspace*{60pt} \text{(Eq. (65))}\\ \Leftrightarrow & [(50)] \wedge [(51)] \wedge [(55)] \wedge [(53)] \wedge [(52) \wedge (54)] \end{array}$$

Case (iii): \(\overline {v}_{u_{c},j} = \underline {v}_{u_{c},i}\) and \(\overline {v}_{u_{c},i} > \underline {v}_{u_{c},j}\).

This is case is symmetrical to Case (ii).

Case (iv): \(\overline {v}_{u_{c},j} < \underline {v}_{u_{c},i}\) and \(\overline {v}_{u_{c},i} > \underline {v}_{u_{c},j}\).

$$\begin{array}{llr} & \exists t \in [0, \tau] \text{ s.t.} [\underline{x}_{i}(t) < 0] \wedge [\underline{x}_{j}(t) < 0] &\\ & \quad \wedge [\underline{x}_{i}(t) - \overline{x}_{j}(t) < \gamma] \wedge [\underline{x}_{j}(t) - \overline{x}_{i}(t) < \gamma] &\\ \Leftrightarrow & [0, \tau] \cap (-\infty, t_{i,max}) \cap (-\infty, t_{j,max}) \cap (-\infty, t_{i-j}) \cap (t_{j-i}, \infty) \neq \emptyset & \text{(Eqs. (60)--(63))}\\ \Leftrightarrow & \begin{array}{l} [0 < t_{i,max}] \wedge [0 < t_{j,max}] \wedge [0 < t_{i-j}] \wedge [t_{j-i} < \tau]\\ \quad\wedge [t_{j-i} < t_{i,max}] \wedge [t_{j-i} < t_{j,max}] \wedge [t_{j-i} < t_{i-j}] \end{array}\\ \Leftrightarrow & [0 < t_{i,max}] \wedge [0 < t_{j,max}] \wedge [0 < t_{i-j}] \wedge [t_{j-i} < \tau] \wedge [t_{j-i} < t_{j,max}] & \text{(Eqs. (64), (66))}\\ \Leftrightarrow & [(50)] \wedge [(51)] \wedge [(53) \wedge (55)] \wedge [(54)] \wedge [(52)] \end{array}$$

Case (v): \(\overline {v}_{u_{c},j} > \underline {v}_{u_{c},i}\) and \(\overline {v}_{u_{c},i} < \underline {v}_{u_{c},j}\).

This is case is symmetrical to Case (iv).

Case (vi): \(\overline {v}_{u_{c},j} > \underline {v}_{u_{c},i}\) and \(\overline {v}_{u_{c},i} > \underline {v}_{u_{c},j}\).

$$\begin{array}{llr} & \exists t \in [0, \tau] \text{ s.t.} [\underline{x}_{i}(t) < 0] \wedge [\underline{x}_{j}(t) < 0] &\\ & \quad\wedge [\underline{x}_{i}(t) - \overline{x}_{j}(t) < \gamma] \wedge [\underline{x}_{j}(t) - \overline{x}_{i}(t) < \gamma] &\\ \Leftrightarrow & [0, \tau] \cap (-\infty, t_{i,max}) \cap (-\infty, t_{j,max}) \cap (t_{i-j}, \infty) \cap (t_{j-i}, \infty) \neq \emptyset & \text{(Eqs. (60)--(63))}\\ \Leftrightarrow & \begin{array}{l} [0 < t_{i,max}] \wedge [0 < t_{j,max}]\\ \quad\wedge [t_{j-i} < \tau] \wedge [t_{j-i} < t_{i,max}] \wedge [t_{j-i} < t_{j,max}]\\ \quad\wedge [t_{i-j} < \tau] \wedge [t_{i-j} < t_{i,max}] \wedge [t_{i-j} < t_{j,max}] \end{array}\\ \Leftrightarrow & \begin{array}{l} [0 < t_{i,max}] \wedge [0 < t_{j,max}]\\ \quad\wedge [t_{j-i} < \tau] \wedge [t_{j-i} < t_{j,max}]\\ \quad\wedge [t_{i-j} < \tau] \wedge [t_{i-j} < t_{i,max}] \end{array} & \text{(Eqs. (64), (65))}\\ \Leftrightarrow & [(50)] \wedge [(51)] \wedge [(54)] \wedge [(52)] \wedge [(55)] \wedge [(53)] \end{array}$$

□

Case 1b: x _i , x _j ≥ 0, |x _i − x _j | < γ.

Proposition 6

The set \(\{(x_{i}, x_{j}) \in \pi _{i,j}(A_{q, u_{c}}([0, \tau ])) : x_{i}, x_{j} \ge 0 \wedge |x_{i} - x_{j}| < \gamma \}\) is non-empty iff all of the following inequalities hold:

$$\begin{array}{@{}rcl@{}} & & q_{i} \geq - \mu\tau/2 - \overline{v}_{u_{c},i}\tau \end{array} $$

(68)

$$\begin{array}{@{}rcl@{}} & & q_{j} \geq - \mu\tau/2 - \overline{v}_{u_{c},j}\tau \end{array} $$

(69)

$$\begin{array}{@{}rcl@{}} & & \begin{array}{l} \max\{\overline{v}_{u_{c},i}, \underline{v}_{u_{c},j}\}(q_{i} + \mu\tau/2 + \tau \overline{v}_{u_{c},i})\\ \quad - \overline{v}_{u_{c},i}(q_{j} - \mu\tau/2 - \gamma + \tau \underline{v}_{u_{c},j}) > 0 \end{array} \end{array} $$

(70)

$$\begin{array}{@{}rcl@{}} & &\begin{array}{l} \max\{\overline{v}_{u_{c},j}, \underline{v}_{u_{c},i}\}(q_{j} + \mu\tau/2 + \tau \overline{v}_{u_{c},j})\\ \quad - \overline{v}_{u_{c},j}(q_{i} - \mu\tau/2 - \gamma + \tau \underline{v}_{u_{c},i}) > 0 \end{array} \end{array} $$

(71)

$$\begin{array}{@{}rcl@{}} & &\begin{array}{l} (q_{i} + \mu\tau/2 + \tau\max\{\underline{v}_{u_{c}, j}, \overline{v}_{u_{c}, i}\})\\ \quad - (q_{j} - \mu\tau/2 - \gamma + \tau\underline{v}_{u_{c}, j}) > 0 \end{array} \end{array} $$

(72)

$$\begin{array}{@{}rcl@{}} & &\begin{array}{l} (q_{j} + \mu\tau/2 + \tau\max\{\underline{v}_{u_{c}, i}, \overline{v}_{u_{c}, j}\})\\ \quad - (q_{i} - \mu\tau/2 - \gamma + \tau\underline{v}_{u_{c}, i}) > 0 \end{array} \end{array} $$

(73)

Proof

The proof is similar to that of Prop. 5, and is omitted. □

Case 2: \([-\alpha _{r_{i, 1}} < x_{i} < \alpha _{r_{i, 2}}] \wedge [-\alpha _{r_{j, 1}} < x_{j} < \alpha _{r_{j, 2}}]\).

Proposition 7

The set \(\{(x_{i}, x_{j}) \in \pi _{i,j}(A_{q, u_{c}}([0, \tau ])): [-\alpha _{r_{i, 1}} < x_{i} < \alpha _{r_{i, 2}}] \wedge [-\alpha _{r_{j, 1}} < x_{j} < \alpha _{r_{j, 2}}]\}\) is non-empty iff all of the following inequalities hold:

$$\begin{array}{@{}rcl@{}} & & q_{i} < \alpha_{r_{i,2}} + \mu\tau/2 \end{array} $$

(74)

$$\begin{array}{@{}rcl@{}} & & q_{j} < \alpha_{r_{j,2}} + \mu\tau/2 \end{array} $$

(75)

$$\begin{array}{@{}rcl@{}} & & q_{i} > -\alpha_{r_{i,1}} - \mu\tau/2 - \overline{v}_{u_{c},i}\tau \end{array} $$

(76)

$$\begin{array}{@{}rcl@{}} & & q_{j} > -\alpha_{r_{j,1}} - \mu\tau/2 - \overline{v}_{u_{c},j}\tau \end{array} $$

(77)

$$\begin{array}{@{}rcl@{}} & & \underline{v}_{u_{c},j} (q_{i} + \mu\tau/2 + \alpha_{r_{i,1}}) - \overline{v}_{u_{c},i} (q_{j} - \mu\tau/2 - \alpha_{r_{j,2}}) > 0 \end{array} $$

(78)

$$\begin{array}{@{}rcl@{}} & & \underline{v}_{u_{c},i} (q_{j} + \mu\tau/2 + \alpha_{r_{j,1}}) - \overline{v}_{u_{c},j} (q_{i} - \mu\tau/2 - \alpha_{r_{i,2}}) > 0 \end{array} $$

(79)

Proof

We proceed similarly to the proof of Prop. 4. From Eqs. 39, 40 and the assumption that v _{m i n} + d _{m i n} ≥μ>0, we have that \(\pi _{i}(A_{q, u_{c}}(t)) = (q_{i} - \mu \tau /2 + \underline {v}_{u_{c},i}t, q_{i} + \mu \tau /2 + \overline {v}_{u_{c},i}t]\) is an interval whose lower and upper bounds are increasing in time, for every \(i \in \mathcal {N}\). It follows that the set \(\phantom {\dot {i}\{t \in \mathbb {R} : (-\alpha _{r_{i, 1}}, \alpha _{r_{i, 2}}) \cap \pi _{i}(A_{\!}q, u_{c}}(t)) \neq \emptyset \}\) will have the form \((t_{i,min}^{2}, t_{i,max}^{2})\), where \(t_{i, min}^{2} := \inf \{t \in \mathbb {R} : (-\alpha _{r_{i, 1}}, \alpha _{r_{i, 2}}) \cap \pi _{i}(A_{q, u_{c}}(t)) \neq \emptyset \}\) and \(t_{i, max}^{2} := \sup \{t \in \mathbb {R} : (-\alpha _{r_{i, 1}}, \alpha _{r_{i, 2}}) \cap \pi _{i}(A_{q, u_{c}}(t)) \neq \emptyset \}\) are given by:

$$\begin{array}{@{}rcl@{}} t_{i,min}^{2} & = & \frac{-q_{i} - \alpha_{r_{i,1}} - \mu\tau/2}{\overline{v}_{u_{c},i}} \end{array} $$

(80)

$$\begin{array}{@{}rcl@{}} t_{i,max}^{2} & = & \frac{-q_{i} + \alpha_{r_{i,2}} + \mu\tau/2}{\underline{v}_{u_{c},i}} \end{array} $$

(81)

Now define \(t_{j,min}^{2}\) and \(t_{j,max}^{2}\) analogously to \(t_{i,min}^{2}\) and \(t_{i,max}^{2}\). Then:

$$\begin{array}{@{}rcl@{}} & & \exists t \in [0, \tau] \text{ s.t.} [(-\alpha_{r_{i, 1}}, \alpha_{r_{i, 2}}) \cap \pi_{i}(A_{q, u_{c}}(t))] \wedge [(-\alpha_{r_{j, 1}}, \alpha_{r_{j, 2}}) \cap \pi_{j}(A_{q, u_{c}}(t))]\\ & \Leftrightarrow & [0, \tau] \cap (t_{i,min}^{2}, t_{i,max}^{2}) \cap (t_{j,min}^{2}, t_{j,max}^{2}) \neq \emptyset\\ & \Leftrightarrow & \begin{array}{l} [t_{i,max}^{2} > 0] \wedge [t_{j,max}^{2} > 0] \wedge [t_{i,min}^{2} < \tau] \wedge [t_{j,min}^{2} < \tau]\\ \quad \wedge t_{j,max}^{2} > t_{i,min}^{2} \wedge t_{i,max}^{2} > t_{j,min}^{2} \end{array} \end{array} $$

and these last six inequalities give Eqs. 74–79, in order. □

Part 2: The Capture Set Optimization

Here we describe the capture set optimization which replaces subroutines NatVic and ContLoss in Alg. 2. The optimization is based on the observation that the bad set is convex (rectangular) for a pair of vehicles which cannot simultaneously be inside the intersection (Case 2 of Part 1). Thus it is straight-forward to compute the capture set of states from which no supervisor can ensure avoidance of the bad set for such a pair of vehicles. Before stating the theorem, we define the minimal and maximal velocities which can be forced by the supervisor, given that it does not control the uncontrolled vehicles or the disturbance:

$$\begin{array}{@{}rcl@{}} \underline{v}_{i}^{c} & = & \left\{\begin{array}{ll}v_{min} + d_{max}, & \text{vehicle \textit{i} is controlled}\\v_{max} + d_{max}, & \text{vehicle \textit{i} is uncontrolled}\end{array}\right. \end{array} $$

(82)

$$\begin{array}{@{}rcl@{}} \overline{v}_{i}^{c} & = & \left\{\begin{array}{ll}v_{max} + d_{min}, & \text{vehicle \textit{i} is controlled}\\v_{min} + d_{min}, & \text{vehicle \textit{i} is uncontrolled}\end{array}\right. \end{array} $$

(83)

Proposition 8

Given two vehicles i and j on different roads, there does not exist any safe and non-deadlocking supervisor \(\sigma : \tilde {Q} \rightarrow 2^{U_{c}}\) with σ(q) ≠ ∅, for any \(q \in \tilde {Q}\) such that ∃x∈ℓ ⁻¹ (q) satisfying all of the following equations:

$$\begin{array}{@{}rcl@{}} & & x_{i} < \alpha_{r_{i,2}} \end{array} $$

(84)

$$\begin{array}{@{}rcl@{}} & & x_{j} < \alpha_{r_{j,2}} \end{array} $$

(85)

$$\begin{array}{@{}rcl@{}} & & \overline{v}_{i}^{c}(x_{j} + \alpha_{r_{j,1}}) - \underline{v}_{j}^{c}(x_{i} - \alpha_{r_{i,2}}) > 0 \end{array} $$

(86)

$$\begin{array}{@{}rcl@{}} & & \overline{v}_{j}^{c}(x_{i} + \alpha_{r_{i,1}}) - \underline{v}_{i}^{c}(x_{j} - \alpha_{r_{j,2}}) > 0 \end{array} $$

(87)

Proof

First, it follows from the definitions of \(\underline {v}_{i}^{c}\) and \(\overline {v}_{i}^{c}\) that, for any x satisfying Eqs. 84–87 and u _c ∈ U _c , there exists some u _{u c} ∈ U _{u c} and d:[0,τ]→D such that x(t) = x + u(t/τ) + d(t) either remains inside the set given by Eqs. 84–87 for t ∈ [0,τ], or enters the bad set for some t ∈ [0,τ] (see Fig. 9). Second, it follows from v _{m i n} + d _{m i n} > 0 that no control strategy can prevent the vehicles from eventually entering the set \(x_{i} > -\alpha _{r_{i,1}} \wedge x_{j} > -\alpha _{r_{j,1}}\). Thus either the system eventually reaches some state \(q^{\prime } \in \tilde {Q}\) such that σ(q ^′) = ∅, or σ allows the system to enter the bad set. □

Fig. 9

The capture sets of Eqs. 84–97 in the open (left) and closed (right) cases. The blue square denotes the bad set. The set of Eqs. 84–87 is depicted with solid lines, and its inflation by μ τ/2 is depicted in dashed lines. Right: If d _{m i n} and d _{m a x} are integer multiples of μ, then Eqs. 96 and 97 are unnecessary, which is shown by the dotted lines

To obtain the set of states q for which ℓ ⁻¹(q) is contained in the set of Eqs. 84–87, we can take this set and “deflate it” by μ τ/2, to capture the effect of the discretization. This yields the equations used in the capture set version of the NatVic subroutine in Alg. 2. Similarly, we can obtain the set of states q for which there exists some x ∈ ℓ ⁻¹(q) satisfying Eqs. 84–87 by taking this set and “inflating it” by μ τ/2. This yields the equations used in the capture set version of the ContLoss subroutine in Algorithm 2.

In the former case (NatVic), the equations become

$$\begin{array}{@{}rcl@{}} & & q_{i} < \alpha_{r_{i,2}} - \mu\tau/2 \end{array} $$

(88)

$$\begin{array}{@{}rcl@{}} & & q_{j} < \alpha_{r_{j,2}} - \mu\tau/2 \end{array} $$

(89)

$$\begin{array}{@{}rcl@{}} & & \overline{v}_{i}^{c}(q_{j} + \alpha_{r_{j,1}} - \mu\tau/2) - \underline{v}_{j}^{c}(q_{i} - \alpha_{r_{i,2}} + \mu\tau/2) > 0 \end{array} $$

(90)

$$\begin{array}{@{}rcl@{}} & & \overline{v}_{j}^{c}(q_{i} + \alpha_{r_{i,1}} - \mu\tau/2) - \underline{v}_{i}^{c}(q_{j} - \alpha_{r_{j,2}} + \mu\tau/2) > 0 \end{array} $$

(91)

The latter case (ContLoss) results in one of two possibilities, depending on whether the set of Eqs. 84–87 is open or closed. The set will be open if \(\frac {\overline {v}_{j}^{c}}{\underline {v}_{i}^{c}} \leq \frac {\underline {v}_{j}^{c}}{\overline {v}_{i}^{c}}\) and closed if \(\frac {\overline {v}_{j}^{c}}{\underline {v}_{i}^{c}} > \frac {\underline {v}_{j}^{c}}{\overline {v}_{i}^{c}}\). If the set is open, the equations become:

$$\begin{array}{@{}rcl@{}} & & q_{i} < \alpha_{r_{i,2}} + \mu\tau/2 \end{array} $$

(92)

$$\begin{array}{@{}rcl@{}} & & q_{j} < \alpha_{r_{j,2}} + \mu\tau/2 \end{array} $$

(93)

$$\begin{array}{@{}rcl@{}} & & \overline{v}_{i}^{c}(q_{j} + \alpha_{r_{j,1}} + \mu\tau/2) - \underline{v}_{j}^{c}(q_{i} - \alpha_{r_{i,2}} - \mu\tau/2) > 0 \end{array} $$

(94)

$$\begin{array}{@{}rcl@{}} & & \overline{v}_{j}^{c}(q_{i} + \alpha_{r_{i,1}} + \mu\tau/2) - \underline{v}_{i}^{c}(q_{j} - \alpha_{r_{j,2}} - \mu\tau/2) > 0 \end{array} $$

(95)

If the set is closed, then two more equations must be added in general (see Fig. 9)

$$\begin{array}{@{}rcl@{}} & & q_{i} > \frac{\overline{v}_{i}^{c}\overline{v}_{j}^{c}\alpha_{r_{i,1}} + \overline{v}_{i}^{c}\underline{v}_{i}^{c}\alpha_{r_{j,2}} + \overline{v}_{i}^{c}\underline{v}_{i}^{c}\alpha_{r_{j,1}} + \underline{v}_{i}^{c}\underline{v}_{j}^{c}\alpha_{r_{i,2}}}{\overline{v}_{i}^{c}\overline{v}_{j}^{c} - \underline{v}_{i}^{c}\underline{v}_{j}^{c}} - \mu\tau/2 \end{array} $$

(96)

$$\begin{array}{@{}rcl@{}} & & q_{j} > \frac{\overline{v}_{i}^{c}\overline{v}_{j}^{c}\alpha_{r_{j,1}} + \overline{v}_{j}^{c}\underline{v}_{j}^{c}\alpha_{r_{i,2}} + \overline{v}_{j}^{c}\underline{v}_{j}^{c}\alpha_{r_{i,1}} + \underline{v}_{i}^{c}\underline{v}_{j}^{c}\alpha_{r_{j,2}}}{\overline{v}_{i}^{c}\overline{v}_{j}^{c} - \underline{v}_{i}^{c}\underline{v}_{j}^{c}} - \mu\tau/2 \end{array} $$

(97)

If d _{m i n} and d _{m a x} are integer multiples of μ, then it can be shown these last two equations become unnecessary. We first prove a lemma.

Lemma 3

If d _min and d _max are integer multiples of μ, \(\frac {\overline {v}_{j}^{c}}{\underline {v}_{i}^{c}} > \frac {\underline {v}_{j}^{c}}{\overline {v}_{i}^{c}}\) , and \(q \in \tilde {Q}\) satisfies Eqs. 94 and 95 then, for any u _c ∈U _c , there exists \(q^{\prime } \in \mathbf {Post}_{u_{c}}(q)\) that also satisfies Eqs. 94 and 95.

Proof

First note from Eqs. 82 and 83 that, if either vehicle is uncontrolled, then \(\frac {\overline {v}_{j}^{c}}{\underline {v}_{i}^{c}} \leq 1\) and \(\frac {\underline {v}_{j}^{c}}{\overline {v}_{i}^{c}} \geq 1\), violating \(\frac {\overline {v}_{j}^{c}}{\underline {v}_{i}^{c}} > \frac {\underline {v}_{j}^{c}}{\overline {v}_{i}^{c}}\). It follows that both vehicles are controlled, and that \(\overline {v}_{i}^{c} = \overline {v}_{j}^{c} > \underline {v}_{i}^{c} = \underline {v}_{j}^{c}\). We prove the following claim:

Claim: For any u _c ∈ U _c , there exists some d _i ∈ [d _{m i n} , d _{m a x} ] such that \(u_{c,i}/\tau + d_{i} \in [\underline {v}_{i}^{c}, \overline {v}_{i}^{c}]\) and u _{c, i} /τ + d _i is an integer multiple of μ.

It suffices to prove that, for any u _c ∈ U _c , \([\underline {v}_{i}^{c} - u_{c,i}/\tau , \overline {v}_{i}^{c} - u_{c,i}/\tau ] \cap [d_{min}, d_{max}]\) contains some integral multiple of μ, since we may then take such a value as d _i . Clearly, u _{c, i} /τ ∈ [v _{m i n} , v _{m a x} ], from which it follows that \(\underline {v}_{i}^{c} - u_{c,i}/\tau = v_{min} + d_{max} - u_{c,i}/\tau \le d_{max}\) and that \(\overline {v}_{i}^{c} - u_{c,i}/\tau = v_{max} + d_{min} - u_{c,i}/\tau \ge d_{min}\). Thus, \([\underline {v}_{i}^{c} - u_{c,i}/\tau , \overline {v}_{i}^{c} - u_{c,i}/\tau ] \cap [d_{min}, d_{max}]\) is non-empty. Since it is non-empty, there must be at least one of d _{m i n} and \(\underline {v}_{i}^{c} - u_{c,i}/\tau \) in the intersection of the two sets. Since both d _{m i n} and \(\underline {v}_{i}^{c} - u_{c,i}/\tau \) are multiples of μ, the claim is proven. Constructing d _i and d _j as in the claim, we obtain

$$\frac{\overline{v}_{j}^{c}}{\underline{v}_{i}^{c}} \geq \frac{u_{c,j}/\tau + d_{j}}{u_{c,i}/\tau + d_{i}} \geq \frac{\underline{v}_{j}^{c}}{\overline{v}_{i}^{c}}.$$

It follows that we can take w ∈ W such that w _i = d _i τ and w _j = d _j τ, obtaining q ^′ with \(q_{i}^{\prime } = q_{i} + u_{c,i} + w_{i}\), \(q_{j}^{\prime } = q_{j} + u_{c,j} + w_{j}\) such that \(q^{\prime } \in \mathbf {Post}_{u_{c}}(q)\) satisfies Eqs. 94 and 95. □

Corollary 1

If d _min and d _max are integer multiples of μ then, given two vehicles i and j on different roads, there does not exist any safe and non-deadlocking supervisor \(\sigma : \tilde {Q} \rightarrow 2^{U_{c}}\) with σ(q) ≠ ∅, for any \(q \in \tilde {Q}\) satisfying Eqs. 92 – 95 only (i.e., without satisfying Eqs. 96 and 97 ), even when \(\frac {\overline {v}_{j}^{c}}{\underline {v}_{i}^{c}} > \frac {\underline {v}_{j}^{c}}{\overline {v}_{i}^{c}}\).

Proof

We have already shown that the result holds if \(\frac {\overline {v}_{j}^{c}}{\underline {v}_{i}^{c}} \leq \frac {\underline {v}_{j}^{c}}{\overline {v}_{i}^{c}}\), or \(\frac {\overline {v}_{j}^{c}}{\underline {v}_{i}^{c}} > \frac {\underline {v}_{j}^{c}}{\overline {v}_{i}^{c}}\) and q satisfies Eqs. 92–97. It remains to be shown that the result also holds if d _{m i n} and d _{m a x} are integer multiples of μ, \(\frac {\overline {v}_{j}^{c}}{\underline {v}_{i}^{c}} > \frac {\underline {v}_{j}^{c}}{\overline {v}_{i}^{c}}\), and q satisfies Eqs. 92–95, but not Eqs. 96 and 97. Consider any u _c ∈ U _c . By Lemma 3, there exists \(q^{\prime } \in \mathbf {Post}_{u_{c}}(q)\) that also satisfies Eqs. 94 and 95. There are now three cases to consider:Case 1: q ^′ satisfies Eqs. 92–97.

We have shown in this case there exists no safe and non-deadlocking supervisor from q ^′.

Case 2: q ^′ satisfies Eqs. 92–95, but not both of Eqs. 96 and 97.

Because d _{m i n} + v _{m i n} > 0, Lemma 3 can be applied repeatedly, until a q ^′ is obtained which satisfies Eqs. 96 and 97.

Case 3: q ^′ does not satisfy both of Eqs. 92 and 93.

In this case, the line segment from q to q ^′ either crosses the bad set, or comes within a distance of μ τ/2 of it (see Fig. 9). In the latter case, we can find some pair x ∈ ℓ ⁻¹(q) and x ^′ ∈ ℓ ⁻¹(q ^′) such that the line segment from x to x ^′ crosses the bad set. □

Figure 9 depicts the set described by Eqs. 84–87 of Prop. 8, the inflated set of Eqs. 92–97, and the special case of Cor. 1. The simulations of Section 9 satisfied the property that d _min and d _max were integer multiples of μ, and hence the code used Eqs. 92–95 only.