3,036 research outputs found
An Iterative Abstraction Algorithm for Reactive Correct-by-Construction Controller Synthesis
In this paper, we consider the problem of synthesizing
correct-by-construction controllers for discrete-time dynamical systems. A
commonly adopted approach in the literature is to abstract the dynamical system
into a Finite Transition System (FTS) and thus convert the problem into a two
player game between the environment and the system on the FTS. The controller
design problem can then be solved using synthesis tools for general linear
temporal logic or generalized reactivity(1) specifications. In this article, we
propose a new abstraction algorithm. Instead of generating a single FTS to
represent the system, we generate two FTSs, which are under- and
over-approximations of the original dynamical system. We further develop an
iterative abstraction scheme by exploiting the concept of winning sets, i.e.,
the sets of states for which there exists a winning strategy for the system.
Finally, the efficiency of the new abstraction algorithm is illustrated by
numerical examples.Comment: A shorter version has been accepted for publication in the 54th IEEE
Conference on Decision and Control (held Tuesday through Friday, December
15-18, 2015 at the Osaka International Convention Center, Osaka, Japan
Lazy Abstraction-Based Controller Synthesis
We present lazy abstraction-based controller synthesis (ABCS) for
continuous-time nonlinear dynamical systems against reach-avoid and safety
specifications. State-of-the-art multi-layered ABCS pre-computes multiple
finite-state abstractions of varying granularity and applies reactive synthesis
to the coarsest abstraction whenever feasible, but adaptively considers finer
abstractions when necessary. Lazy ABCS improves this technique by constructing
abstractions on demand. Our insight is that the abstract transition relation
only needs to be locally computed for a small set of frontier states at the
precision currently required by the synthesis algorithm. We show that lazy ABCS
can significantly outperform previous multi-layered ABCS algorithms: on
standard benchmarks, lazy ABCS is more than 4 times faster
Coordinated Robot Navigation via Hierarchical Clustering
We introduce the use of hierarchical clustering for relaxed, deterministic
coordination and control of multiple robots. Traditionally an unsupervised
learning method, hierarchical clustering offers a formalism for identifying and
representing spatially cohesive and segregated robot groups at different
resolutions by relating the continuous space of configurations to the
combinatorial space of trees. We formalize and exploit this relation,
developing computationally effective reactive algorithms for navigating through
the combinatorial space in concert with geometric realizations for a particular
choice of hierarchical clustering method. These constructions yield
computationally effective vector field planners for both hierarchically
invariant as well as transitional navigation in the configuration space. We
apply these methods to the centralized coordination and control of
perfectly sensed and actuated Euclidean spheres in a -dimensional ambient
space (for arbitrary and ). Given a desired configuration supporting a
desired hierarchy, we construct a hybrid controller which is quadratic in
and algebraic in and prove that its execution brings all but a measure zero
set of initial configurations to the desired goal with the guarantee of no
collisions along the way.Comment: 29 pages, 13 figures, 8 tables, extended version of a paper in
preparation for submission to a journa
Iterative Temporal Motion Planning for Hybrid Systems in Partially Unknown Environments
This paper considers the problem of motion planning for a
hybrid robotic system with complex and nonlinear dynamics
in a partially unknown environment given a temporal logic
specification. We employ a multi-layered synergistic framework
that can deal with general robot dynamics and combine
it with an iterative planning strategy. Our work allows us
to deal with the unknown environmental restrictions only
when they are discovered and without the need to repeat
the computation that is related to the temporal logic specification.
In addition, we define a metric for satisfaction of
a specification. We use this metric to plan a trajectory that
satisfies the specification as closely as possible in cases in
which the discovered constraint in the environment renders
the specification unsatisfiable. We demonstrate the efficacy
of our framework on a simulation of a hybrid second-order
car-like robot moving in an office environment with unknown
obstacles. The results show that our framework is successful
in generating a trajectory whose satisfaction measure of the
specification is optimal. They also show that, when new obstacles
are discovered, the reinitialization of our framework
is computationally inexpensive
Recommended from our members
Modular and Safe Event-Driven Programming
Asynchronous event-driven systems are ubiquitous across domains such as device drivers, distributed systems, and robotics. These systems are notoriously hard to get right as the programmer needs to reason about numerous control paths resulting from the complex interleaving of events (or messages) and failures. Unsurprisingly, it is easy to introduce subtle errors while attempting to fill in gaps between high-level system specifications and their concrete implementations.This dissertation proposes new methods for programming safe event-driven asynchronous systems.In the first part of the thesis, we present ModP, a modular programming framework for compositional programming and testing of event-driven asynchronous systems.The ModP module system supports a novel theory of compositional refinement for assume-guarantee reasoning of dynamic event-driven asynchronous systems. We build a complex distributed systems software stack using ModP.Our results demonstrate that compositional reasoning can help scale model-checking (both explicit and symbolic) to large distributed systems.ModP is transforming the way asynchronous software is built at Microsoft and Amazon Web Services (AWS). Microsoft uses ModP for implementing safe device drivers and other software in the Windows kernel.AWS uses ModP for compositional model checking of complex distributed systems. While ModP simplifies analysis of such systems, the state space of industrial-scale systems remains extremely large.In the second part of this thesis, we present scalable verification and systematic testing approaches to further mitigate this state-space explosion problem.First, we introduce the concept of a delaying explorer to perform prioritized exploration of the behaviors of an asynchronous reactive program. A delaying explorer stratifies the search space using a custom strategy (tailored towards finding bugs faster), and a delay operation that allows deviation from that strategy. We show that prioritized search with a delaying explorer performs significantly better than existing approaches for finding bugs in asynchronous programs.Next, we consider the challenge of verifying time-synchronized systems; these are almost-synchronous systems as they are neither completely asynchronous nor synchronous.We introduce approximate synchrony, a sound and tunable abstraction for verification of almost-synchronous systems. We show how approximate synchrony can be used for verification of both time-synchronization protocols and applications running on top of them.Moreover, we show how approximate synchrony also provides a useful strategy to guide state-space exploration during model-checking.Using approximate synchrony and implementing it as a delaying explorer, we were able to verify the correctness of the IEEE 1588 distributed time-synchronization protocol and, in the process, uncovered a bug in the protocol that was well appreciated by the standards committee.In the final part of this thesis, we consider the challenge of programming a special class of event-driven asynchronous systems -- safe autonomous robotics systems.Our approach towards achieving assured autonomy for robotics systems consists of two parts: (1) a high-level programming language for implementing and validating the reactive robotics software stack; and (2) an integrated runtime assurance system to ensure that the assumptions used during design-time validation of the high-level software hold at runtime.Combining high-level programming language and model-checking with runtime assurance helps us bridge the gap between design-time software validation that makes assumptions about the untrusted components (e.g., low-level controllers), and the physical world, and the actual execution of the software on a real robotic platform in the physical world. We implemented our approach as DRONA, a programming framework for building safe robotics systems.We used DRONA for building a distributed mobile robotics system and deployed it on real drone platforms. Our results demonstrate that DRONA (with the runtime-assurance capabilities) enables programmers to build an autonomous robotics software stack with formal safety guarantees.To summarize, this thesis contributes new theory and tools to the areas of programming languages, verification, systematic testing, and runtime assurance for programming safe asynchronous event-driven across the domains of fault-tolerant distributed systems and safe autonomous robotics systems
Formal Methods and Safety for Automated Vehicles: Modeling, Abstractions, and Synthesis of Tactical Planners
One goal of developing automated road vehicles is to completely free people from driving tasks. Automated vehicles with no human driver must handle all traffic situations that human drivers are expected to handle, possibly more. Though human drivers cause a lot of traffic accidents, they still have a very low accident and failure rate that automated vehicles must match.Tactical planners are responsible for making discrete decisions for the coming seconds or minutes. As with all subsystems in an automated vehicle, these planners need to be supported with a credible and convincing argument of their correctness. The planners interact with other road users in a feedback loop, so their correctness depends on their behavior in relation to other drivers and road users over time. One way to ascertain their correctness is to test the vehicles in real traffic. But to be sufficiently certain that a tactical planner is safe, it has to be tested on 255 million miles with no accidents.Formal methods can, in contrast to testing, mathematically prove that given requirements are fulfilled. Hence, these methods are a promising alternative for making credible arguments for tactical planners’ correctness. The topic of this thesis is the use of formal methods in the automotive industry to design safe tactical planners. What is interesting is both how automotive systems can be modeled in formal frameworks, and how formal methods can be used practically within the automotive development process.The main findings of this thesis are that it is viable to formally express desired properties of tactical planners, and to use formal methods to prove their correctness. However, the difficulty to anticipate and inspect the interaction of several desired properties is found to be an obstacle. Model Checking, Reactive Synthesis, and Supervisory Control Theory have been used in the design and development process of tactical planners, and these methods have their benefits, depending on the application. To be feasible and useful, these methods need to operate on both a high and a low level of abstraction, and this thesis contributes an automatic abstraction method that bridges this divide.It is also found that artifacts from formal methods tools may be used to convincingly argue that a realization of a tactical planner is safe, and that such an argument puts formal requirements on the vehicle’s other subsystems and its surroundings
- …