Formal Synthesis of Control Strategies for Positive Monotone Systems

We design controllers from formal specifications for positive discrete-time monotone systems that are subject to bounded disturbances. Such systems are widely used to model the dynamics of transportation and biological networks. The specifications are described using signal temporal logic (STL), which can express a broad range of temporal properties. We formulate the problem as a mixed-integer linear program (MILP) and show that under the assumptions made in this paper, which are not restrictive for traffic applications, the existence of open-loop control policies is sufficient and almost necessary to ensure the satisfaction of STL formulas. We establish a relation between satisfaction of STL formulas in infinite time and set-invariance theories and provide an efficient method to compute robust control invariant sets in high dimensions. We also develop a robust model predictive framework to plan controls optimally while ensuring the satisfaction of the specification. Illustrative examples and a traffic management case study are included.Comment: To appear in IEEE Transactions on Automatic Control (TAC) (2018), 16 pages, double colum

Machine learning and data-driven techniques for verification and synthesis of cyber-physical systems

Safety and performance are the most important requirements for designing and manufacturing complex life-critical systems. Consider a self-driving car which is not equipped with certain safety functionalities. It can cause fatal accidents, severe injuries, or serious damages to the environment. Hence, rigorous analysis required to ensure the correctness of functionalities in many safety-critical applications. Model-based approaches for satisfying such requirements have been studied extensively in the literature. Unfortunately, a precise model of the system is not always available in many practical scenarios. Hence, in this thesis we focus on data-driven methods and machine learning techniques to tackle this challenge. First, we assume that only an incomplete parameterized model of the system is available. The main goal is to study formal verification of linear time-invariant systems with respect to a fragment of temporal logic specifications when only a partial knowledge of the model is available, i.e., a parameterized model of the system is known but the exact values of the parameters are unknown. We provide a probabilistic measure for the satisfaction of the specification by trajectories of the system under the influence of uncertainty. We assume that these specifications are expressed as signal temporal logic formulae and provide an approach that relies on gathering input-output data from the system. We employ Bayesian inference on the collected data to associate a notion of confidence with the satisfaction of the specification. Second, we assume that we do not have any knowledge about the model of the system and just have access to input-output data from the system. We study verification and synthesis problems for safety specifications over unknown discrete-time stochastic systems. When a model of the system is available, notion of barrier certificates have been successfully applied for ensuring the satisfaction of safety specifications. Here, we formulate the computation of barrier certificates as a robust convex program (RCP). Solving the acquired RCP is difficult in general because the model of the system that appears in one of the constraints of the RCP is unknown. We propose a data-driven approach that replaces the uncountable number of constraints in the RCP with a finite number of constraints by taking finitely many random samples from the trajectories of the system. We thus replace the original RCP with a scenario convex program (SCP) and show how to relate their optimizers. We guarantee that the solution of the SCP is a solution of the RCP with a priori guaranteed confidence when the number of samples is larger than a specific value. This provides a lower bound on the safety probability of the original unknown system together with a controller in the case of synthesis. Lastly, to address the high demand for data in our data-driven barrier-based approach, we propose three remedies. First, the wait-and-judge approach that checks a condition over the optimal value of the SCP using a fixed number of samples, ensuring a lower bound probability and the desired confidence for satisfying safety specifications. Second, the repetition-based scenario framework that iteratively solves the SCP with samples, checking feasibility and achieving the desired violation error. A safety condition is verified, enabling the computation of a lower bound for safety satisfaction. Third, the wait, judge, and repeat framework that solves the SCP iteratively until a feasibility condition, based on computed support constraints, is met. If the safety condition is satisfied, the system is considered safe with a lower bound probability determined using the optimizer of the successful iteration

Oracle-Guided Design and Analysis of Learning-Based Cyber-Physical Systems

We are in world where autonomous systems, such as self-driving cars, surgical robots, robotic manipulators are becoming a reality. Such systems are considered \textit{safety-critical} since they interact with humans on a regular basis. Hence, before such systems can be integrated into our day to day life, we need to guarantee their safety. Recent success in machine learning (ML) and artificial intelligence (AI) has led to an increase in their use in real world robotic systems. For example, complex perception modules in self-driving cars and deep reinforcement learning controllers in robotic manipulators. Although powerful, they introduce an additional level of complexity when it comes to the formal analysis of autonomous systems. In this thesis, such systems are designated as Learning-Based Cyber-Physical Systems~(LB-CPS). In this thesis, we take inspiration from the Oracle-Guided Inductive Synthesis~(OGIS) paradigm to develop frameworks which can aid in achieving formal guarantees in different stages of an autonomous system design and analysis pipeline. Furthermore, we show that to guarantee the safety of LB-CPS, the design (synthesis) and analysis (verification) must consider feedback from the other. We consider five important parts of the design and analysis process and show a strong coupling among them, namely (i) Robust Control Synthesis from High Level Safety Specifications; (ii) Diagnosis and Repair of Safety Requirements for Control Synthesis; (iii) Counter-example Guided Data Augmentation for training high-accuracy ML models; (iv) Simulation-Guided Falsification and Verification against Adversarial Environments; and (v) Bridging Model and Real-World Gap. Finally, we introduce a software toolkit \verifai{} for the design and analysis of AI based systems, which was developed to provide a common formal platform to implement design and analysis frameworks for LB-CPS

Signal Temporal Logic Neural Predictive Control

Ensuring safety and meeting temporal specifications are critical challenges for long-term robotic tasks. Signal temporal logic (STL) has been widely used to systematically and rigorously specify these requirements. However, traditional methods of finding the control policy under those STL requirements are computationally complex and not scalable to high-dimensional or systems with complex nonlinear dynamics. Reinforcement learning (RL) methods can learn the policy to satisfy the STL specifications via hand-crafted or STL-inspired rewards, but might encounter unexpected behaviors due to ambiguity and sparsity in the reward. In this paper, we propose a method to directly learn a neural network controller to satisfy the requirements specified in STL. Our controller learns to roll out trajectories to maximize the STL robustness score in training. In testing, similar to Model Predictive Control (MPC), the learned controller predicts a trajectory within a planning horizon to ensure the satisfaction of the STL requirement in deployment. A backup policy is designed to ensure safety when our controller fails. Our approach can adapt to various initial conditions and environmental parameters. We conduct experiments on six tasks, where our method with the backup policy outperforms the classical methods (MPC, STL-solver), model-free and model-based RL methods in STL satisfaction rate, especially on tasks with complex STL specifications while being 10X-100X faster than the classical methods.Comment: Accepted by IEEE Robotics and Automation Letters (RA-L) and ICRA202

Formal methods for resilient control

Many systems operate in uncertain, possibly adversarial environments, and their successful operation is contingent upon satisfying specific requirements, optimal performance, and ability to recover from unexpected situations. Examples are prevalent in many engineering disciplines such as transportation, robotics, energy, and biological systems. This thesis studies designing correct, resilient, and optimal controllers for discrete-time complex systems from elaborate, possibly vague, specifications. The first part of the contributions of this thesis is a framework for optimal control of non-deterministic hybrid systems from specifications described by signal temporal logic (STL), which can express a broad spectrum of interesting properties. The method is optimization-based and has several advantages over the existing techniques. When satisfying the specification is impossible, the degree of violation - characterized by STL quantitative semantics - is minimized. The computational limitations are discussed. The focus of second part is on specific types of systems and specifications for which controllers are synthesized efficiently. A class of monotone systems is introduced for which formal synthesis is scalable and almost complete. It is shown that hybrid macroscopic traffic models fall into this class. Novel techniques in modular verification and synthesis are employed for distributed optimal control, and their usefulness is shown for large-scale traffic management. Apart from monotone systems, a method is introduced for robust constrained control of networked linear systems with communication constraints. Case studies on longitudinal control of vehicular platoons are presented. The third part is about learning-based control with formal guarantees. Two approaches are studied. First, a formal perspective on adaptive control is provided in which the model is represented by a parametric transition system, and the specification is captured by an automaton. A correct-by-construction framework is developed such that the controller infers the actual parameters and plans accordingly for all possible future transitions and inferences. The second approach is based on hybrid model identification using input-output data. By assuming some limited knowledge of the range of system behaviors, theoretical performance guarantees are provided on implementing the controller designed for the identified model on the original unknown system

A Contract-Based Methodology for Aircraft Electric Power System Design

In an aircraft electric power system, one or more supervisory control units actuate a set of electromechanical switches to dynamically distribute power from generators to loads, while satisfying safety, reliability, and real-time performance requirements. To reduce expensive redesign steps, this control problem is generally addressed by minor incremental changes on top of consolidated solutions. A more systematic approach is hindered by a lack of rigorous design methodologies that allow estimating the impact of earlier design decisions on the final implementation. To achieve an optimal implementation that satisfies a set of requirements, we propose a platform-based methodology for electric power system design, which enables independent implementation of system topology (i.e., interconnection among elements) and control protocol by using a compositional approach. In our flow, design space exploration is carried out as a sequence of refinement steps from the initial specification toward a final implementation by mapping higher level behavioral and performance models into a set of either existing or virtual library components at the lower level of abstraction. Specifications are first expressed using the formalisms of linear temporal logic, signal temporal logic, and arithmetic constraints on Boolean variables. To reason about different requirements, we use specialized analysis and synthesis frameworks and formulate assume guarantee contracts at the articulation points in the design flow. We show the effectiveness of our approach on a proof-of-concept electric power system design