
    Compositional Verification for Autonomous Systems with Deep Learning Components

    As autonomy becomes prevalent in many applications, ranging from recommendation systems to fully autonomous vehicles, there is an increased need to provide safety guarantees for such systems. The problem is difficult, as these are large, complex systems which operate in uncertain environments, requiring data-driven machine-learning components. However, learning techniques such as Deep Neural Networks, widely used today, are inherently unpredictable and lack the theoretical foundations to provide strong assurance guarantees. We present a compositional approach for the scalable, formal verification of autonomous systems that contain Deep Neural Network components. The approach uses assume-guarantee reasoning whereby contracts, encoding the input-output behavior of individual components, allow the designer to model and incorporate the behavior of the learning-enabled components working side-by-side with the other components. We illustrate the approach on an example taken from the autonomous vehicles domain.

    A Learning-Based Guidance Selection Mechanism for a Formally Verified Sense and Avoid Algorithm

    This paper describes a learning-based strategy for selecting conflict avoidance maneuvers for autonomous unmanned aircraft systems. The selected maneuvers are provided by a formally verified algorithm and are guaranteed to solve any impending conflict under general assumptions about aircraft dynamics. The decision-making logic that selects the appropriate maneuvers is encoded in a stochastic policy encapsulated as a neural network. The network's parameters are optimized to maximize a reward function. The reward function penalizes loss of separation with other aircraft while rewarding resolutions that result in minimum excursions from the nominal flight plan. This paper provides a description of the technique and presents preliminary simulation results.

    An information theoretic approach for generating an aircraft avoidance Markov decision process

    Developing a collision avoidance system that can meet the safety standards required of commercial aviation is challenging. A dynamic programming approach to collision avoidance has been developed to optimize and generate logics that are robust to the complex dynamics of the national airspace. The current approach represents the aircraft avoidance problem as Markov Decision Processes and independently optimizes a horizontal and a vertical maneuver avoidance logic. This is a result of the current memory requirements for each logic: simply combining the logics would result in a significantly larger representation, and the "curse of dimensionality" makes it computationally inefficient and unfeasible to optimize this larger representation. However, existing and future collision avoidance systems have mostly defined the decision process by hand. In response, a simulation-based framework was built to better understand how each potential state quantifies the aircraft avoidance problem with regard to safety and operational components. The framework leverages recent advances in signal processing and databases, while enabling the highest-fidelity analysis of Monte Carlo aircraft encounter simulations to date. This framework enabled the calculation of how well each state of the decision process quantifies the collision risk and the associated memory requirements. Using this analysis, a collision avoidance logic that leverages both horizontal and vertical actions was built and optimized using this simulation-based approach.

    Differential Adaptive Stress Testing of Airborne Collision Avoidance Systems

    The next-generation Airborne Collision Avoidance System (ACAS X) is currently being developed and tested to replace the Traffic Alert and Collision Avoidance System (TCAS) as the next international standard for collision avoidance. To validate the safety of the system, stress testing in simulation is one of several approaches for analyzing near mid-air collisions (NMACs). Understanding how NMACs can occur is important for characterizing risk and informing development of the system. Recently, adaptive stress testing (AST) has been proposed as a way to find the most likely path to a failure event. The simulation-based approach accelerates search by formulating stress testing as a sequential decision process, then optimizing it using reinforcement learning. The approach has been successfully applied to stress test a prototype of ACAS X in various simulated aircraft encounters. In some applications, we are not as interested in the system's absolute performance as in its performance relative to another system. Such situations arise, for example, during regression testing or when deciding whether a new system should replace an existing system. In our collision avoidance application, we are interested in finding cases where ACAS X fails but TCAS succeeds in resolving a conflict. Existing approaches do not provide an efficient means to perform this type of analysis. This paper extends the AST approach to differential analysis by searching two simulators simultaneously and maximizing the difference between their outcomes. We call this approach differential adaptive stress testing (DAST). We apply DAST to compare a prototype of ACAS X against TCAS and show examples of encounters found by the algorithm.

    AN ADAPTABLE MATHEMATICAL MODEL FOR INTEGRATED NAVIGATION SYSTEMS

    The project has been directed towards improving the accuracy and safety of marine navigation and ship handling, whilst contributing to reduced manning and improved fuel costs. Thus, the aim of the work was to investigate, design and develop an adaptable mathematical model that could be used in an integrated navigation system (INS) and an automatic collision avoidance system (ACAS) for use in marine vehicles. A general overview of automatic navigation is undertaken and consideration is given to the use of microprocessors on the bridge. Many of these systems now require the use of mathematical models to predict the vessels' manoeuvring characteristics. The different types and forms of models have been investigated and the derivation of their hydrodynamic coefficients is discussed in detail. The model required for an ACAS should be both accurate and adaptable; hence, extensive simulations were undertaken to evaluate the suitability of each model type. The modular model was found to have the most adaptable structure. All the modular components of this model were considered in detail to improve its adaptability, the number of non-linear terms in the hull module being reduced. A novel application, using the circulation theory to model the propeller forces and moments, allows the model to be more flexible compared to using traditional B-series four-quadrant propeller design charts. A new formula has been derived for predicting the sway and yaw components due to the propeller paddle wheel effect, which gives a good degree of accuracy when comparing simulated and actual ship data, resulting in a mean positional error of less than 7%. As a consequence of this work, it is now possible for an ACAS to incorporate a ship mathematical model which produces realistic manoeuvring characteristics. Thus, the study will help to contribute to safety at sea.
    Kelvin Hughes Lt

    Understanding Droplet Mobility and Penetration in Nonwovens via Numerical Simulation and Complementary Experiment

    Water droplet mobility on a hydrophobic surface cannot be guaranteed even when the droplet exhibits a high contact angle with the surface. Droplet mobility is defined as the force required to move a droplet on the surface. In fact, droplet mobility on a surface, especially a fibrous surface, has remained an unsolved empirical problem. As the earth's gravity may not be strong enough to initiate water droplet mobility or penetration into some hydrophobic fibrous coatings (electrospun polystyrene), a novel test method was designed. In the experiment, aqueous ferrofluid droplets rather than water are used so that the body force on the droplets can be enhanced using a magnet, and droplet detachment or penetration can be induced. Our combined experimental-computational study revealed the role of microstructure in droplet mobility and penetration into a fibrous coating. It was found that a coating made of aligned fibers could have a lower droplet mobility than a random coating. A fiber-level force calculation showed that fibers in the middle of the surface do not play a significant role in keeping the droplet on the surface (negligible relative contribution in resisting droplet detachment). Using the balance of forces acting on the detaching or penetrating droplet, novel easy-to-use expressions are developed to estimate the droplet detachment (or penetration) force from (or into) a fibrous surface. This circumvents the need for running CPU-intensive simulations for each and every droplet–coating combination of interest, and provides a means for designing nonwoven materials with low droplet mobility, e.g., self-cleaning fabrics. In addition, a new technique to study nonmagnetic droplet (e.g., water) adhesion on hydrophobic surfaces is developed. The nonmagnetic droplet is partially cloaked with a high-surface-tension oil-based ferrofluid and a permanent magnet is used to detach the resulting droplet (i.e. compound droplet). At the end, an insightful analysis into the complex nature of this multiphase problem is also provided, and thereby a general-purpose plot that extends the application of our work to other oil–water–solid combinations is presented.

    A Novel Collision Avoidance Logic for Unmanned Aerial Vehicles Using Real-Time Trajectory Planning

    An effective collision avoidance logic should prevent collision without excessive alerting. This requirement would be even more stringent for an automatic collision avoidance logic, which is probably required by Unmanned Aerial Vehicles to mitigate the impact of delayed or lost link issues. In order to improve the safety performance and reduce the frequency of false alarms, this thesis proposes a novel collision avoidance logic based on the three-layer architecture and a real-time trajectory planning method. The aim of this thesis is to develop a real-time trajectory planning algorithm for the proposed collision avoidance logic and to determine the integrated logic's feasibility, merits and limitations for practical applications. To develop the trajectory planning algorithm, an optimal control problem is formulated and an inverse-dynamic direct method along with a two-stage, derivative-free pattern search method is used as the solution approach. The developed algorithm is able to take into account the flyability of three-dimensional manoeuvres, the robustness to the intruder state uncertainty and the field-of-regard restriction of surveillance sensors. The testing results show that the standalone executable of the algorithm is able to provide a flyable avoidance trajectory with a maximum computation time of less than 0.5 seconds. To evaluate the performance of the proposed logic, an evaluation framework for Monte Carlo simulations and a baseline approach for comparison are constructed. Based on five Monte Carlo simulation experiments, it is found that the proposed logic should be feasible as 1) it is able to achieve an update rate of 2 Hz, 2) its safety performance is comparable with a reference requirement from another initial feasibility study, and 3) despite a 0.5 seconds computation latency, it outperforms the baseline approach in terms of safety performance and robustness to sensor and feedback error.