
Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness Properties

Conference paper, published in: Model Checking Software (SPIN 2023)

Abstract

We propose an approach to synthesize Simplex architectures that are provably correct for a rich class of temporal specifications and that achieve high performance by optimizing for the time the advanced controller is active. We achieve provable correctness by performing a static verification of the baseline controller. The result of this verification is a set of states that is proven to be safe, called the recoverable region. During runtime, our Simplex architecture adapts toward the running advanced controller by exploiting proof-on-demand techniques. Verification of hybrid systems is often overly conservative, resulting in over-conservative recoverable regions that cause unnecessary switches to the baseline controller. To avoid these switches, we invoke targeted reachability queries to extend the recoverable region at runtime.

Our offline and online verification relies upon reachability analysis, since it allows observation-based extension of the known recoverable region. However, detecting fix-points for bounded-liveness properties is a challenging task for most hybrid-system reachability analysis tools. We present several optimizations for efficient fix-point computation, implemented in the state-of-the-art tool HyPro, that allowed us to automatically synthesize verified and performant Simplex architectures for advanced case studies, such as safe autonomous driving on a race track.
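The switching logic the abstract describes, as an added example that is not the paper's code: a toy 1-D vehicle braking before a wall, with the recoverable region kept as a list of boxes over position and velocity and extended at runtime by bounded reachability queries on the baseline controller. The dynamics, both controllers, all constants and the offline-verified starting box are constructed assumptions; the paper's HyPro-based implementation works on hybrid automata and is not reproduced here.

```python
# Added example (not the paper's code): Simplex decision module for a 1-D vehicle nearing
# a wall; the recoverable region is a list of (pos, vel) boxes extended by bounded queries.
DT, ACCEL, BRAKE, LIMIT = 0.1, 1.5, 2.0, 10.0   # constructed toy parameters
HORIZON, EPS = 100, 0.05                        # query step bound; query-box half-width

def baseline_vel(v):
    """Baseline controller: brake as hard as possible, never reverse."""
    return max(0.0, v - BRAKE * DT)

def step_box(box):
    """Over-approximate one baseline step on a box (pos_lo, pos_hi, vel_lo, vel_hi)."""
    pl, ph, vl, vh = box
    return (pl + vl * DT, ph + vh * DT, baseline_vel(vl), baseline_vel(vh))

class Simplex:
    def __init__(self, offline_region):
        self.region, self.queries = [], 0
        for box in offline_region:          # static verification of the baseline
            assert self.prove_recoverable(box), f"offline box {box} is not recoverable"
            self.region.append(box)

    def prove_recoverable(self, box):
        """Targeted reachability query: baseline keeps `box` safe until a fix-point
        (standstill, or a box already proven recoverable) within HORIZON steps."""
        self.queries += 1
        for _ in range(HORIZON):
            pl, ph, vl, vh = box
            if ph > LIMIT:
                return False                # the baseline cannot avoid the wall
            if vh == 0.0 or any(a <= pl and ph <= b and c <= vl and vh <= d
                                for a, b, c, d in self.region):
                return True                 # fix-point reached: box is recoverable
            box = step_box(box)
        return False                        # undecided within the bound: reject

    def decide(self, p, v):
        """Use the advanced controller only if its next state is provably recoverable."""
        p2, v2 = p + v * DT, v + ACCEL * DT  # advanced controller: always accelerate
        if not any(pl <= p2 <= ph and vl <= v2 <= vh for pl, ph, vl, vh in self.region):
            box = (p2 - EPS, p2 + EPS, max(0.0, v2 - EPS), v2 + EPS)
            if not self.prove_recoverable(box):
                return p + v * DT, baseline_vel(v), "baseline"
            self.region.append(box)         # proof-on-demand extends the region
        return p2, v2, "advanced"

def run(steps, offline_region=((0.0, 4.0, 0.0, 2.0),)):
    sx, p, v, trace = Simplex(offline_region), 0.0, 0.0, []
    for _ in range(steps):                  # drive from standstill for `steps` ticks
        p, v, mode = sx.decide(p, v)
        trace.append((p, v, mode))
    return trace, sx
```

Every advanced step lands in a proven box and every baseline step stays on a verified braking trajectory, so the trace never crosses LIMIT even though the advanced controller only ever accelerates; the number of queries shows how often proof-on-demand was needed.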

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement № 956123 - FOCETA, the Austrian FWF project ZK-35, the Austrian research promotion agency FFG projects ADVANCED (№ 874044) and FATE (№ 894789), the Graz University of Technology LEAD Project Dependable Internet of Things in Adverse Environments, and the State Government of Styria, Austria – Department Zukunftsfonds Steiermark.


Notes

  1. https://github.com/modass/simplex-architectures/wiki/Experimental-results.



Corresponding author: Benedikt Maderbacher.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Maderbacher, B., Schupp, S., Bartocci, E., Bloem, R., Ničković, D., Könighofer, B. (2023). Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness Properties. In: Caltais, G., Schilling, C. (eds) Model Checking Software. SPIN 2023. Lecture Notes in Computer Science, vol 13872. Springer, Cham. https://doi.org/10.1007/978-3-031-32157-3_8


  • DOI: https://doi.org/10.1007/978-3-031-32157-3_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-32156-6

  • Online ISBN: 978-3-031-32157-3
