Compositional Falsification of Cyber-Physical Systems with Machine Learning Components
Cyber-physical systems (CPS), such as automotive systems, are starting to include sophisticated machine learning (ML) components. Their correctness, therefore, depends on properties of the inner ML modules. While learning algorithms aim to generalize from examples, they are only as good as the examples provided, and recent efforts have shown that they can produce inconsistent output under small adversarial perturbations. This raises the question: can the output from learning components lead to a failure of the entire CPS? In this work, we address this question by formulating it as a problem of falsifying signal temporal logic (STL) specifications for CPS with ML components. We propose a compositional falsification framework where a temporal logic falsifier and a machine learning analyzer cooperate with the aim of finding falsifying executions of the considered model. The efficacy of the proposed technique is shown on an automatic emergency braking system model with a perception component based on deep neural networks.
Fly-by-Logic: A Tool for Unmanned Aircraft System Fleet Planning using Temporal Logic
Safe planning for fleets of Unmanned Aircraft Systems (UAS) performing complex missions in urban environments has typically been a challenging problem. In the United States of America, the National Aeronautics and Space Administration (NASA) and the Federal Aviation Administration (FAA) have been studying the regulation of the airspace when multiple such fleets of autonomous UAS share the same airspace, outlined in the Concept of Operations document (ConOps). While the focus is on the infrastructure and management of the airspace, the Unmanned Aircraft System (UAS) Traffic Management (UTM) ConOps also outlines a potential airspace reservation based system for operation, where operators reserve a volume of the airspace for a given time interval to operate in, but it makes clear that safety (separation from other aircraft, terrain, and other hazards) is a responsibility of the drone fleet operators. In this work, we present a tool that allows an operator to plan out missions for fleets of multi-rotor UAS performing complex time-bound missions. The tool builds upon a correct-by-construction planning method by translating missions to Signal Temporal Logic (STL). Along with a simple user interface, it also has fast and scalable mission planning abilities. We demonstrate our tool for one such mission.
Robust Online Monitoring of Signal Temporal Logic
Signal Temporal Logic (STL) is a formalism used to rigorously specify requirements of cyber-physical systems (CPS), i.e., systems mixing digital or discrete components in interaction with a continuous environment or analog components. STL is naturally equipped with a quantitative semantics which can be used for various purposes: from assessing the robustness of a specification to guiding searches over the input and parameter space with the goal of falsifying the given property over system behaviors. Algorithms have been proposed and implemented for offline computation of such quantitative semantics, but only a few methods exist for an online setting, where one would want to monitor the satisfaction of a formula during simulation. In this paper, we formalize a semantics for robust online monitoring of partial traces, i.e., traces for which there might not be enough data to decide the Boolean satisfaction (and to compute its quantitative counterpart). We propose an efficient algorithm to compute it and demonstrate its usage on two large scale real-world case studies coming from the automotive domain and from CPS education in a Massively Open Online Course (MOOC) setting. We show that savings in computationally expensive simulations far outweigh any overheads incurred by an online approach.
HySIA: Tool for Simulating and Monitoring Hybrid Automata Based on Interval Analysis
We present HySIA: a reliable runtime verification tool for nonlinear hybrid automata (HA) and signal temporal logic (STL) properties. HySIA simulates an HA with interval analysis techniques so that a trajectory is enclosed sharply within a set of intervals. Then, HySIA computes whether the simulated trajectory satisfies a given STL property; the computation is again performed with interval analysis to achieve reliability. Simulation and verification using HySIA are demonstrated through several example HA and STL formulas.
Comment: Appeared in RV'17; the final publication is available at Springe
On-Line Monitoring for Temporal Logic Robustness
In this paper, we provide a Dynamic Programming algorithm for on-line monitoring of the state robustness of Metric Temporal Logic (MTL) specifications with past time operators. We compute the robustness of MTL specifications with unbounded past and bounded future temporal operators over sampled traces of Cyber-Physical Systems. We implemented our tool in Matlab as a Simulink block that can be used in any Simulink model. We experimentally demonstrate that the overhead of the MTL robustness monitoring is acceptable for certain classes of practical specifications.
Bounded Verification with On-the-Fly Discrepancy Computation
Simulation-based verification algorithms can provide formal safety guarantees for nonlinear and hybrid systems. Previous algorithms rely on user-provided model annotations called discrepancy functions, which are crucial for computing reachtubes from simulations. In this paper, we eliminate this requirement by presenting an algorithm for computing piece-wise exponential discrepancy functions. The algorithm relies on computing local convergence or divergence rates of trajectories along a simulation using a coarse over-approximation of the reach set and bounding the maximal eigenvalue of the Jacobian over this over-approximation. The resulting discrepancy function preserves the soundness and the relative completeness of the verification algorithm. We also provide a coordinate transformation method to improve the local estimates for the convergence or divergence rates in practical examples. We extend the method to get the input-to-state discrepancy of nonlinear dynamical systems, which can be used for compositional analysis. Our experiments show that the approach is effective in terms of running time for several benchmark problems, scales reasonably to larger dimensional systems, and compares favorably with respect to available tools for nonlinear models.
Comment: 24 page
Combined Global and Local Search for the Falsification of Hybrid Systems
In this paper we solve the problem of finding a trajectory that shows that a given hybrid dynamical system with deterministic evolution leaves a given set of states considered to be safe. The algorithm combines local with global search for achieving both efficiency and global convergence. In local search, it exploits derivatives for efficient computation. Unlike other methods for falsification of hybrid systems with deterministic evolution, we do not restrict our search to trajectories of a certain bounded length but search for error trajectories of arbitrary length.
A robust genetic algorithm for learning temporal specifications from data
We consider the problem of mining signal temporal logic requirements from a dataset of regular (good) and anomalous (bad) trajectories of a dynamical system. We assume the training set to be labeled by human experts and that we have access only to a limited amount of data, typically noisy. We provide a systematic approach to synthesize both the syntactical structure and the parameters of the temporal logic formula using a two-step procedure: first, we leverage a novel evolutionary algorithm for learning the structure of the formula; second, we perform the parameter synthesis operating on the statistical emulation of the average robustness for a candidate formula w.r.t. its parameters. We compare our results with our previous work [9] and with a recently proposed decision-tree based method [8]. We present experimental results on two case studies: an anomalous trajectory detection problem of a naval surveillance system and the characterization of an Ineffective Respiratory effort, showing the usefulness of our work.
Conformance-based doping detection for cyber-physical systems
We present a novel and generalised notion of doping cleanness for cyber-physical systems that allows for perturbing the inputs and observing the perturbed outputs in both the time- and value-domains. We instantiate our definition using existing notions of conformance for cyber-physical systems. We show that our generalised definitions are essential in a data-driven method for doping detection and apply our definitions to a case study concerning diesel emission tests.
Automated generation of hybrid automata for multi-rigid-body mechanical systems and its application to the falsification of safety properties
© 2017 The Authors. Published by Taylor & Francis. This is an open access article available under a Creative Commons licence.
The published version can be accessed at the following link on the publisher's website: https://doi.org/10.1080/13873954.2017.1369437
What if we designed a tool to automatically generate a dynamical transition system for the formal specification of mechanical systems subject to multiple impacts, contacts and discontinuous friction? Such a tool would represent an advance in the description and simulation of these complex systems. This is precisely what this paper offers: Dyverse Rigid Body Toolbox (DyverseRBT). This tool requires a sufficiently expressive computational model that can accurately describe the behaviour of the system as it evolves over time. For this purpose, we propose an alternative abstraction of multi-rigid-body (MRB) mechanical systems with multiple contacts as an extended version of the classical hybrid automaton, which we call MRB hybrid automaton. One of the chief characteristics of the MRB hybrid automaton is the inclusion of computation nodes to encode algorithms to calculate the contact forces. The computation nodes consist of a set of non-dynamical discrete locations, discrete transitions and guards between these locations, and resets on transitions. They can account for the energy transfer not explicitly considered within the rigid-body formalism. The proposed modelling framework is well suited for the automated verification of dynamical properties of realistic mechanical systems. We show this by the falsification of safety properties over the transition system generated by DyverseRBT.
This work was supported by the Engineering and Physical Sciences Research Council (EPSRC) of the UK: [Grant Number EP/I001689/1] ('DYVERSE: A New Kind of Control for Hybrid Systems'), and the Research Councils UK (RCUK): [Grant Number EP/E50048/1].