Forward Invariant Cuts to Simplify Proofs of Safety

The use of deductive techniques, such as theorem provers, has several advantages in safety verification of hybrid sys- tems; however, state-of-the-art theorem provers require ex- tensive manual intervention. Furthermore, there is often a gap between the type of assistance that a theorem prover requires to make progress on a proof task and the assis- tance that a system designer is able to provide. This paper presents an extension to KeYmaera, a deductive verification tool for differential dynamic logic; the new technique allows local reasoning using system designer intuition about per- formance within particular modes as part of a proof task. Our approach allows the theorem prover to leverage for- ward invariants, discovered using numerical techniques, as part of a proof of safety. We introduce a new inference rule into the proof calculus of KeYmaera, the forward invariant cut rule, and we present a methodology to discover useful forward invariants, which are then used with the new cut rule to complete verification tasks. We demonstrate how our new approach can be used to complete verification tasks that lie out of the reach of existing deductive approaches us- ing several examples, including one involving an automotive powertrain control system.Comment: Extended version of EMSOFT pape

Augmented Lagrangian Methods as Layered Control Architectures

For optimal control problems that involve planning and following a trajectory, two degree of freedom (2DOF) controllers are a ubiquitously used control architecture that decomposes the problem into a trajectory generation layer and a feedback control layer. However, despite the broad use and practical success of this layered control architecture, it remains a design choice that must be imposed $a\ priori$ on the control policy. To address this gap, this paper seeks to initiate a principled study of the design of layered control architectures, with an initial focus on the 2DOF controller. We show that applying the Alternating Direction Method of Multipliers (ADMM) algorithm to solve a strategically rewritten optimal control problem results in solutions that are naturally layered, and composed of a trajectory generation layer and a feedback control layer. Furthermore, these layers are coupled via Lagrange multipliers that ensure dynamic feasibility of the planned trajectory. We instantiate this framework in the context of deterministic and stochastic linear optimal control problems, and show how our approach automatically yields a feedforward/feedback-based control policy that exactly solves the original problem. We then show that the simplicity of the resulting controller structure suggests natural heuristic algorithms for approximately solving nonlinear optimal control problems. We empirically demonstrate improved performance of these layered nonlinear optimal controllers as compared to iLQR, and highlight their flexibility by incorporating both convex and nonconvex constraints

Inductive Certificate Synthesis for Control Design

The focus of this thesis is developing a framework for designing correct-by-construction controllers using control certificates. We use nonlinear dynamical systems to model the physical environment (plants). The goal is to synthesize controllers for these plants while guaranteeing formal correctness w.r.t. given specifications. We consider different fundamental specifications including stability, safety, and reach-while-stay. Stability specification states that the execution traces of the system remain close to an equilibrium state and approach it asymptotically. Safety specification requires the execution traces to stay in a safe region. Finally, for reach-while-stay specification, safety is needed until a target set is reached.The design task consists of two phases. In the first phase, the control design problem is reduced to the question of finding a control certificate. More precisely, the goal of the first phase is to define a class of control certificates with a specific structure. This definition should guarantee the following: ``Having a control certificate, one can systematically design a controller and prove its correctness at the same time."The goal in the second phase is to find such a control certificate. We define a potential control certificate space (hypothesis space) using parameterized functions. Next, we provide an inductive search framework to find proper parameters, which yield a control certificate. Finally, we evaluate our framework. We show that discovering control certificates is practically feasible and demonstrate the effectiveness of the automatically designed controllers through simulations and real physical systems experiments

Deductive control synthesis for alternating-time logics

Algorithmic design of control laws for continuous systems for complex temporal specifications is a key step toward automatic synthesis of controllers for cyber-physical systems. Current approaches either abstract the dynamical system to a finite-state approximation or search for certificates that imply invariance or reachability properties (barriers and Lyapunov functions, respectively). The first approach is limited by an exponential blow-up in the abstraction process; the second in the properties that can be controlled for. We present a deductive proof system for the control of alternating-time temporal properties on continuous systems. We show that reasoning about temporal logic constraints in ATL*, an expressive branching-time logic that allows for quantification over control strategies, can be reduced effectively to reasoning about combinations of barrier certificates and Lyapunov functions. Our approach enables the application of existing constraint-based techniques for finding barriers and Lyapunov functions to the design of controllers for complex temporal properties, while sidestepping the exponential cost of computing finite-state abstractions