14 research outputs found
Synthesizing Multiple Boolean Functions using Interpolation on a Single Proof
It is often difficult to correctly implement a Boolean controller for a
complex system, especially when concurrency is involved. Yet, it may be easy to
formally specify a controller. For instance, for a pipelined processor it
suffices to state that the visible behavior of the pipelined system should be
identical to a non-pipelined reference system (Burch-Dill paradigm). We present
a novel procedure to efficiently synthesize multiple Boolean control signals
from a specification given as a quantified first-order formula (with a specific
quantifier structure). Our approach uses uninterpreted functions to abstract
details of the design. We construct an unsatisfiable SMT formula from the given
specification. Then, from just one proof of unsatisfiability, we use a variant
of Craig interpolation to compute multiple coordinated interpolants that
implement the Boolean control signals. Our method avoids iterative learning and
back-substitution of the control functions. We applied our approach to
synthesize a controller for a simple two-stage pipelined processor, and present
first experimental results.Comment: This paper originally appeared in FMCAD 2013,
http://www.cs.utexas.edu/users/hunt/FMCAD/FMCAD13/index.shtml. This version
includes an appendix that is missing in the conference versio
Synthesizing Robust Systems with RATSY
Specifications for reactive systems often consist of environment assumptions
and system guarantees. An implementation should not only be correct, but also
robust in the sense that it behaves reasonably even when the assumptions are
(temporarily) violated. We present an extension of the requirements analysis
and synthesis tool RATSY that is able to synthesize robust systems from GR(1)
specifications, i.e., system in which a finite number of safety assumption
violations is guaranteed to induce only a finite number of safety guarantee
violations. We show how the specification can be turned into a two-pair Streett
game, and how a winning strategy corresponding to a correct and robust
implementation can be computed. Finally, we provide some experimental results.Comment: In Proceedings SYNT 2012, arXiv:1207.055
Correct-by-Construction Runtime Enforcement in AI – A Survey
Runtime enforcement refers to the theories, techniques, and tools for enforcing correct behavior with respect to a formal specification of systems at runtime. In this paper, we are interested in techniques for constructing runtime enforcers for the concrete application domain of enforcing safety in AI. We discuss how safety is traditionally handled in the field of AI and how more formal guarantees on the safety of a self- learning agent can be given by integrating a runtime enforcer. We survey a selection of work on such enforcers, where we distinguish between ap- proaches for discrete and continuous action spaces. The purpose of this paper is to foster a better understanding of advantages and limitations of different enforcement techniques, focusing on the specific challenges that arise due to their application in AI. Finally, we present some open challenges and avenues for future work.QC 20221201</p
Safety Shielding under Delayed Observation
Agents operating in physical environments need to be able to handle delays in the input and output signals since neither data transmission nor sensing or actuating the environment are instantaneous. Shields are correct-by-construction runtime enforcers that guarantee safe execution by correcting any action that may cause a violation of a formal safety specification. Besides providing safety guarantees, shields should interfere minimally with the agent. Therefore, shields should pick the safe corrective actions in such a way that future interferences are most likely minimized. Current shielding approaches do not consider possible delays in the input signals in their safety analyses. In this paper, we address this issue. We propose synthesis algorithms to compute delay-resilient shields that guarantee safety under worst-case assumptions on the delays of the input signals. We also introduce novel heuristics for deciding between multiple corrective actions, designed to minimize future shield interferences caused by delays. As a further contribution, we present the first integration of shields in a realistic driving simulator. We implemented our delayed shields in the driving simulator Carla. We shield potentially unsafe autonomous driving agents in different safety-critical scenarios and show the effect of delays on the safety analysis
Search-Based Testing of Reinforcement Learning
Evaluation of deep reinforcement learning (RL) is inherently challenging.
Especially the opaqueness of learned policies and the stochastic nature of both
agents and environments make testing the behavior of deep RL agents difficult.
We present a search-based testing framework that enables a wide range of novel
analysis capabilities for evaluating the safety and performance of deep RL
agents. For safety testing, our framework utilizes a search algorithm that
searches for a reference trace that solves the RL task. The backtracking states
of the search, called boundary states, pose safety-critical situations. We
create safety test-suites that evaluate how well the RL agent escapes
safety-critical situations near these boundary states. For robust performance
testing, we create a diverse set of traces via fuzz testing. These fuzz traces
are used to bring the agent into a wide variety of potentially unknown states
from which the average performance of the agent is compared to the average
performance of the fuzz traces. We apply our search-based testing approach on
RL for Nintendo's Super Mario Bros.Comment: 11 pages, 15 figures, Accepted at IJCAI-ECAI 2022 (Main Track