-
Flow-Based Synthesis of Reactive Tests for Discrete Decision-Making Systems with Temporal Logic Specifications
Authors:
Josefine B. Graebener,
Apurva S. Badithela,
Denizalp Goktas,
Wyatt Ubellacker,
Eric V. Mazumdar,
Aaron D. Ames,
Richard M. Murray
Abstract:
Designing tests to evaluate if a given autonomous system satisfies complex specifications is challenging due to the complexity of these systems. This work proposes a flow-based approach for reactive test synthesis from temporal logic specifications, enabling the synthesis of test environments consisting of static and reactive obstacles and dynamic test agents. The temporal logic specifications describe desired test behavior, including system requirements as well as a test objective that is not revealed to the system. The synthesized test strategy places restrictions on system actions in reaction to the system state. The tests are minimally restrictive and accomplish the test objective while ensuring realizability of the system's objective without aiding it (semi-cooperative setting). Automata theory and flow networks are leveraged to formulate a mixed-integer linear program (MILP) to synthesize the test strategy. For a dynamic test agent, the agent strategy is synthesized for a GR(1) specification constructed from the solution of the MILP. If the specification is unrealizable by the dynamics of the test agent, a counterexample-guided approach is used to resolve the MILP until a strategy is found. This flow-based, reactive test synthesis is conducted offline and is agnostic to the system controller. Finally, the resulting test strategy is demonstrated in simulation and experimentally on a pair of quadrupedal robots for a variety of specifications.
Submitted 15 April, 2024;
originally announced April 2024.
-
Context-Aided Variable Elimination for Requirement Engineering
Authors:
Inigo Incer,
Albert Benveniste,
Richard M. Murray,
Alberto Sangiovanni-Vincentelli,
Sanjit A. Seshia
Abstract:
Deriving system-level specifications from component specifications usually involves the elimination of variables that are not part of the interface of the top-level system. This paper presents algorithms for eliminating variables from formulas by computing refinements or relaxations of these formulas in a context. We discuss a connection between this problem and optimization and give efficient algorithms to compute refinements and relaxations of linear inequality constraints.
Submitted 27 May, 2023;
originally announced May 2023.
-
Pacti: Scaling Assume-Guarantee Reasoning for System Analysis and Design
Authors:
Inigo Incer,
Apurva Badithela,
Josefine Graebener,
Piergiuseppe Mallozzi,
Ayush Pandey,
Sheng-Jung Yu,
Albert Benveniste,
Benoit Caillaud,
Richard M. Murray,
Alberto Sangiovanni-Vincentelli,
Sanjit A. Seshia
Abstract:
Contract-based design is a method to facilitate modular system design. While there has been substantial progress on the theory of contracts, there has been less progress on scalable algorithms for the algebraic operations in this theory. In this paper, we present: 1) principles to implement a contract-based design tool at scale and 2) Pacti, a tool that can efficiently compute these operations. We then illustrate the use of Pacti in a variety of case studies.
Submitted 30 March, 2023;
originally announced March 2023.
-
Barrier-Based Test Synthesis for Safety-Critical Systems Subject to Timed Reach-Avoid Specifications
Authors:
Prithvi Akella,
Mohamadreza Ahmadi,
Richard M. Murray,
Aaron D. Ames
Abstract:
We propose an adversarial, time-varying test-synthesis procedure for safety-critical systems without requiring specific knowledge of the underlying controller steering the system. From a broader test and evaluation context, determination of difficult tests of system behavior is important as these tests would elucidate problematic system phenomena before these mistakes can engender problematic outcomes, e.g. loss of human life in autonomous cars, costly failures for airplane systems, etc. Our approach builds on existing, simulation-based work in the test and evaluation literature by offering a controller-agnostic test-synthesis procedure that provides a series of benchmark tests with which to determine controller reliability. To achieve this, our approach codifies the system objective as a timed reach-avoid specification. Then, by coupling control barrier functions with this class of specifications, we construct an instantaneous difficulty metric whose minimizer corresponds to the most difficult test at that system state. We use this instantaneous difficulty metric in a game-theoretic fashion, to produce an adversarial, time-varying test-synthesis procedure that does not require specific knowledge of the system's controller, but can still provably identify realizable and maximally difficult tests of system behavior. Finally, we develop this test-synthesis procedure for both continuous and discrete-time systems and showcase our test-synthesis procedure on simulated and hardware examples.
Submitted 23 January, 2023;
originally announced January 2023.
-
Synthesizing Reactive Test Environments for Autonomous Systems: Testing Reach-Avoid Specifications with Multi-Commodity Flows
Authors:
Apurva Badithela,
Josefine B. Graebener,
Wyatt Ubellacker,
Eric V. Mazumdar,
Aaron D. Ames,
Richard M. Murray
Abstract:
We study automated test generation for verifying discrete decision-making modules in autonomous systems. We utilize linear temporal logic to encode the requirements on the system under test in the system specification and the behavior that we want to observe during the test is given as the test specification which is unknown to the system. First, we use the specifications and their corresponding non-deterministic Büchi automata to generate the specification product automaton. Second, a virtual product graph representing the high-level interaction between the system and the test environment is constructed modeling the product automaton encoding the system, the test environment, and specifications. The main result of this paper is an optimization problem, framed as a multi-commodity network flow problem, that solves for constraints on the virtual product graph which can then be projected to the test environment. Therefore, the result of the optimization problem is reactive test synthesis that ensures that the system meets the test specifications along with satisfying the system specifications. This framework is illustrated in simulation on grid world examples, and demonstrated on hardware with the Unitree A1 quadruped, wherein dynamic locomotion behaviors are verified in the context of reactive test environments.
Submitted 19 October, 2022;
originally announced October 2022.
-
Evaluation Metrics for Object Detection for Autonomous Systems
Authors:
Apurva Badithela,
Tichakorn Wongpiromsarn,
Richard M. Murray
Abstract:
This paper studies the evaluation of learning-based object detection models in conjunction with model-checking of formal specifications defined on an abstract model of an autonomous system and its environment. In particular, we define two metrics -- proposition-labeled and class-labeled confusion matrices -- for evaluating object detection, and we incorporate these metrics to compute the satisfaction probability of system-level safety requirements. While confusion matrices have been effective for comparative evaluation of classification and object detection models, our framework fills two key gaps. First, we relate the performance of object detection to formal requirements defined over downstream high-level planning tasks. In particular, we provide empirical results that show that the choice of a good object detection algorithm, with respect to formal requirements on the overall system, significantly depends on the downstream planning and control design. Secondly, unlike the traditional confusion matrix, our metrics account for variations in performance with respect to the distance between the ego and the object being detected. We demonstrate this framework on a car-pedestrian example by computing the satisfaction probabilities for safety requirements formalized in Linear Temporal Logic (LTL).
Submitted 19 October, 2022;
originally announced October 2022.
-
OUTformation: Distributed Data-Gathering with Feedback under Unknown Environment and Communication Delay Constraints
Authors:
SooJean Han,
Michelle Effros,
Richard M. Murray
Abstract:
Towards the informed design of large-scale distributed data-gathering architectures under real-world assumptions such as nonzero communication delays and unknown environment dynamics, this paper considers the effects of allowing feedback communication from the central processor to external sensors. Using simple but representative state-estimation examples, we investigate fundamental tradeoffs between the mean-squared error (MSE) of the central processor's estimate of the environment state, and the total power expenditure per sensor under more conventional architectures without feedback (INformation) versus those with broadcast feedback (OUTformation). The primary advantage of enabling feedback is that each sensor's understanding of the central processor's estimate improves, which enables each sensor to determine when and what parts of its current observations to transmit. We use theory to demonstrate conditions in which OUTformation maintains the same MSE as INformation with less power expended on average, and conditions in which OUTformation obtains less MSE than INformation at additional power cost. These performance tradeoffs are also considered under settings where environments undergo less variation, and sensors implement random backoff times to prevent transmission collisions. Our results are supported via numerical studies, which show that the properties derived in theory still hold even when some of the simplifying assumptions are removed.
Submitted 12 August, 2022;
originally announced August 2022.
-
Towards Better Test Coverage: Merging Unit Tests for Autonomous Systems
Authors:
Josefine Graebener,
Apurva Badithela,
Richard M. Murray
Abstract:
We present a framework for merging unit tests for autonomous systems. Typically, it is intractable to test an autonomous system for every scenario in its operating environment. The question of whether it is possible to design a single test for multiple requirements of the system motivates this work. First, we formally define three attributes of a test: a test specification that characterizes behaviors observed in a test execution, a test environment, and a test policy. Using the merge operator from contract-based design theory, we provide a formalism to construct a merged test specification from two unit test specifications. Temporal constraints on the merged test specification guarantee that non-trivial satisfaction of both unit test specifications is necessary for a successful merged test execution. We assume that the test environment remains the same across the unit tests and the merged test. Given a test specification and a test environment, we synthesize a test policy filter using a receding horizon approach, and use the test policy filter to guide a search procedure (e.g. Monte-Carlo Tree Search) to find a test policy that is guaranteed to satisfy the test specification. This search procedure finds a test policy that maximizes a pre-defined robustness metric for the test while the filter guarantees a test policy for satisfying the test specification. We prove that our algorithm is sound. Furthermore, the receding horizon approach to synthesizing the filter ensures that our algorithm is scalable. Finally, we show that merging unit tests is impactful for designing efficient test campaigns to achieve similar levels of coverage in fewer test executions. We illustrate our framework on two self-driving examples in a discrete-state setting.
Submitted 5 April, 2022;
originally announced April 2022.
-
Risk-Averse Decision Making Under Uncertainty
Authors:
Mohamadreza Ahmadi,
Ugo Rosolia,
Michel D. Ingham,
Richard M. Murray,
Aaron D. Ames
Abstract:
A large class of decision making under uncertainty problems can be described via Markov decision processes (MDPs) or partially observable MDPs (POMDPs), with application to artificial intelligence and operations research, among others. Traditionally, policy synthesis techniques are proposed such that a total expected cost or reward is minimized or maximized. However, optimality in the total expected cost sense is only reasonable if system behavior in the large number of runs is of interest, which has limited the use of such policies in practical mission-critical scenarios, wherein large deviations from the expected behavior may lead to mission failure. In this paper, we consider the problem of designing policies for MDPs and POMDPs with objectives and constraints in terms of dynamic coherent risk measures, which we refer to as the constrained risk-averse problem. For MDPs, we reformulate the problem into an infsup problem via the Lagrangian framework and propose an optimization-based method to synthesize Markovian policies. For MDPs, we demonstrate that the formulated optimization problems are in the form of difference convex programs (DCPs) and can be solved by the disciplined convex-concave programming (DCCP) framework. We show that these results generalize linear programs for constrained MDPs with total discounted expected costs and constraints. For POMDPs, we show that, if the coherent risk measures can be defined as a Markov risk transition mapping, an infinite-dimensional optimization can be used to design Markovian belief-based policies. For stochastic finite-state controllers (FSCs), we show that the latter optimization simplifies to a (finite-dimensional) DCP and can be solved by the DCCP framework. We incorporate these DCPs in a policy iteration algorithm to design risk-averse FSCs for POMDPs.
Submitted 9 September, 2021;
originally announced September 2021.
-
Synthesis of Static Test Environments for Observing Sequence-like Behaviors in Autonomous Systems
Authors:
Apurva Badithela,
Richard M. Murray
Abstract:
In this paper, we investigate formal test-case generation for high-level mission objectives, specifically reachability, of autonomous systems. We use Kripke structures to represent the high-level decision-making of the agent under test and the abstraction of the test environment. First, we define the notion of a test specification, focusing on a fragment of linear temporal logic represented by sequence temporal logic formulas. Second, we formulate the problem of test graph synthesis to find a test configuration for which the agent must satisfy the test specification to satisfy its mission objectives. We present an algorithm, based on network flows, for synthesizing a test graph by restricting transitions, represented by edge deletions, on the original graph induced by the Kripke structures. The algorithm synthesizes the test graph iteratively using an integer linear program. We prove completeness for our algorithm, and we show that the edge deletions in each iteration maintain feasibility of the integer linear program in the subsequent iteration. We formalize the notion of a minimally constrained test graph in terms of maximum flow, and prove the synthesized test graph to be minimally constrained. We demonstrate our algorithm on a simple graph and on gridworlds.
Submitted 12 August, 2021;
originally announced August 2021.
-
Leveraging Classification Metrics for Quantitative System-Level Analysis with Temporal Logic Specifications
Authors:
Apurva Badithela,
Tichakorn Wongpiromsarn,
Richard M. Murray
Abstract:
In many autonomy applications, performance of perception algorithms is important for effective planning and control. In this paper, we introduce a framework for computing the probability of satisfaction of formal system specifications given a confusion matrix, a statistical average performance measure for multi-class classification. We define the probability of satisfaction of a linear temporal logic formula given a specific initial state of the agent and true state of the environment. Then, we present an algorithm to construct a Markov chain that represents the system behavior under the composition of the perception and control components such that the probability of the temporal logic formula computed over the Markov chain is consistent with the probability that the temporal logic formula is satisfied by our system. We illustrate this approach on a simple example of a car with pedestrian on the sidewalk environment, and compute the probability of satisfaction of safety requirements for varying parameters of the vehicle. We also illustrate how satisfaction probability changes with varied precision and recall derived from the confusion matrix. Based on our results, we identify several opportunities for future work in developing quantitative system-level analysis that incorporates perception models.
Submitted 15 May, 2021;
originally announced May 2021.
-
Failure-Tolerant Contract-Based Design of an Automated Valet Parking System using a Directive-Response Architecture
Authors:
Josefine Graebener,
Tung Phan-Minh,
Jiaqi Yan,
Qiming Zhao,
Richard M. Murray
Abstract:
Increased complexity in cyber-physical systems calls for modular system design methodologies that guarantee correct and reliable behavior, both in normal operations and in the presence of failures. This paper aims to extend the contract-based design approach using a directive-response architecture to enable reactivity to failure scenarios. The architecture is demonstrated on a modular automated valet parking (AVP) system. The contracts for the different components in the AVP system are explicitly defined, implemented, and validated against a Python implementation.
Submitted 23 March, 2021;
originally announced March 2021.
-
Limits of Probabilistic Safety Guarantees when Considering Human Uncertainty
Authors:
Richard Cheng,
Richard M. Murray,
Joel W. Burdick
Abstract:
When autonomous robots interact with humans, such as during autonomous driving, explicit safety guarantees are crucial in order to avoid potentially life-threatening accidents. Many data-driven methods have explored learning probabilistic bounds over human agents' trajectories (i.e. confidence tubes that contain trajectories with probability $δ$), which can then be used to guarantee safety with probability $1-δ$. However, almost all existing works consider $δ\geq 0.001$. The purpose of this paper is to argue that (1) in safety-critical applications, it is necessary to provide safety guarantees with $δ< 10^{-8}$, and (2) current learning-based methods are ill-equipped to compute accurate confidence bounds at such low $δ$. Using human driving data (from the highD dataset), as well as synthetically generated data, we show that current uncertainty models use inaccurate distributional assumptions to describe human behavior and/or require infeasible amounts of data to accurately learn confidence bounds for $δ\leq 10^{-8}$. These two issues result in unreliable confidence bounds, which can have dangerous implications if deployed on safety-critical systems.
Submitted 24 March, 2021; v1 submitted 4 March, 2021;
originally announced March 2021.
-
Constrained Risk-Averse Markov Decision Processes
Authors:
Mohamadreza Ahmadi,
Ugo Rosolia,
Michel D. Ingham,
Richard M. Murray,
Aaron D. Ames
Abstract:
We consider the problem of designing policies for Markov decision processes (MDPs) with dynamic coherent risk objectives and constraints. We begin by formulating the problem in a Lagrangian framework. Under the assumption that the risk objectives and constraints can be represented by a Markov risk transition mapping, we propose an optimization-based method to synthesize Markovian policies that lower-bound the constrained risk-averse problem. We demonstrate that the formulated optimization problems are in the form of difference convex programs (DCPs) and can be solved by the disciplined convex-concave programming (DCCP) framework. We show that these results generalize linear programs for constrained MDPs with total discounted expected costs and constraints. Finally, we illustrate the effectiveness of the proposed method with numerical experiments on a rover navigation problem involving conditional-value-at-risk (CVaR) and entropic-value-at-risk (EVaR) coherent risk measures.
Submitted 28 March, 2021; v1 submitted 4 December, 2020;
originally announced December 2020.
-
Rules of the Road: Safety and Liveness Guarantees for Autonomous Vehicles
Authors:
Karena X. Cai,
Tung Phan-Minh,
Soon-Jo Chung,
Richard M. Murray
Abstract:
The ability to guarantee safety and progress for all vehicles is vital to the success of the autonomous vehicle industry. We present a framework for designing autonomous vehicle behavior in a way that is safe and guarantees progress for all agents. In this paper, we first introduce a new game paradigm which we term the quasi-simultaneous game. We then define an agent protocol that all agents must use to make decisions in this quasi-simultaneous game setting. According to the protocol, agents first select an intended action using a behavioral profile. Then, the protocol defines whether an agent has precedence to take its intended action or must take a sub-optimal action. The protocol ensures safety under all traffic conditions and liveness for all agents under 'sparse' traffic conditions. We provide proofs of correctness of the protocol and validate our results in simulation.
Submitted 23 March, 2021; v1 submitted 28 November, 2020;
originally announced November 2020.
-
Formal Test Synthesis for Safety-Critical Autonomous Systems based on Control Barrier Functions
Authors:
Prithvi Akella,
Mohamadreza Ahmadi,
Richard M. Murray,
Aaron D. Ames
Abstract:
The prolific rise in autonomous systems has led to questions regarding their safe instantiation in real-world scenarios. Failures in safety-critical contexts such as human-robot interactions or even autonomous driving can ultimately lead to loss of life. In this context, this paper aims to provide a method by which one can algorithmically test and evaluate an autonomous system. Given a black-box autonomous system with some operational specifications, we construct a minimax problem based on control barrier functions to generate a family of test parameters designed to optimally evaluate whether the system can satisfy the specifications. To illustrate our results, we utilize the Robotarium as a case study for an autonomous system that claims to satisfy waypoint navigation and obstacle avoidance simultaneously. We demonstrate that the proposed test synthesis framework systematically finds those sequences of events (tests) that identify points of system failure.
Submitted 8 April, 2020;
originally announced April 2020.
-
Counter-example Guided Learning of Bounds on Environment Behavior
Authors:
Yuxiao Chen,
Sumanth Dathathri,
Tung Phan-Minh,
Richard M. Murray
Abstract:
There is a growing interest in building autonomous systems that interact with complex environments. The difficulty associated with obtaining an accurate model for such environments poses a challenge to the task of assessing and guaranteeing the system's performance. We present a data-driven solution that allows for a system to be evaluated for specification conformance without an accurate model of the environment. Our approach involves learning a conservative reactive bound of the environment's behavior using data and specification of the system's desired behavior. First, the approach begins by learning a conservative reactive bound on the environment's actions that captures its possible behaviors with high probability. This bound is then used to assist verification, and if the verification fails under this bound, the algorithm returns counter-examples to show how failure occurs and then uses these to refine the bound. We demonstrate the applicability of the approach through two case-studies: i) verifying controllers for a toy multi-robot system, and ii) verifying an instance of human-robot interaction during a lane-change maneuver given real-world human driving data.
Submitted 6 February, 2020; v1 submitted 20 January, 2020;
originally announced January 2020.
-
Learning Pose Estimation for UAV Autonomous Navigation and Landing Using Visual-Inertial Sensor Data
Authors:
Francesca Baldini,
Animashree Anandkumar,
Richard M. Murray
Abstract:
In this work, we propose a new learning approach for autonomous navigation and landing of an Unmanned-Aerial-Vehicle (UAV). We develop a multimodal fusion of deep neural architectures for visual-inertial odometry. We train the model in an end-to-end fashion to estimate the current vehicle pose from streams of visual and inertial measurements. We first evaluate the accuracy of our estimation by comparing the prediction of the model to traditional algorithms on the publicly available EuRoC MAV dataset. The results illustrate a $25 \%$ improvement in estimation accuracy over the baseline. Finally, we integrate the architecture in the closed-loop flight control system of Airsim - a plugin simulator for Unreal Engine - and we provide simulation results for autonomous navigation and landing.
Submitted 9 April, 2020; v1 submitted 10 December, 2019;
originally announced December 2019.
-
Intermittent Connectivity for Exploration in Communication-Constrained Multi-Agent Systems
Authors:
Filip Klaesson,
Petter Nilsson,
Aaron D. Ames,
Richard M. Murray
Abstract:
Motivated by exploration of communication-constrained underground environments using robot teams, we study the problem of planning for intermittent connectivity in multi-agent systems. We propose a novel concept of information-consistency to handle situations where the plan is not initially known by all agents, and suggest an integer linear program for synthesizing information-consistent plans that also achieve auxiliary goals. Furthermore, inspired by network flow problems we propose a novel way to pose connectivity constraints that scales much better than previous methods. In the second part of the paper we apply these results in an exploration setting, and propose a clustering method that separates a large exploration problem into smaller problems that can be solved independently. We demonstrate how the resulting exploration algorithm is able to coordinate a team of ten agents to explore a large environment.
Submitted 19 November, 2019;
originally announced November 2019.
-
Risk-Averse Planning Under Uncertainty
Authors:
Mohamadreza Ahmadi,
Masahiro Ono,
Michel D. Ingham,
Richard M. Murray,
Aaron D. Ames
Abstract:
We consider the problem of designing policies for partially observable Markov decision processes (POMDPs) with dynamic coherent risk objectives. Synthesizing risk-averse optimal policies for POMDPs requires infinite memory and is thus undecidable. To overcome this difficulty, we propose a method based on bounded policy iteration for designing stochastic but finite state (memory) controllers, which takes advantage of standard convex optimization methods. Given a memory budget and optimality criterion, the proposed method modifies the stochastic finite state controller leading to sub-optimal solutions with lower coherent risk.
Submitted 27 September, 2019;
originally announced September 2019.
-
Towards Assume-Guarantee Profiles for Autonomous Vehicles
Authors:
Tung Phan-Minh,
Karena X. Cai,
Richard M. Murray
Abstract:
Rules or specifications for autonomous vehicles are currently formulated on a case-by-case basis, and put together in a rather ad-hoc fashion. As a step towards eliminating this practice, we propose a systematic procedure for generating a set of supervisory specifications for self-driving cars that are 1) associated with a distributed assume-guarantee structure and 2) characterizable by the notion of consistency and completeness. Besides helping autonomous vehicles make better decisions on the road, the assume-guarantee contract structure also helps address the notion of blame when undesirable events occur. We give several game-theoretic examples to demonstrate applicability of our framework.
Submitted 12 September, 2019; v1 submitted 11 September, 2019;
originally announced September 2019.
-
End-to-End Safe Reinforcement Learning through Barrier Functions for Safety-Critical Continuous Control Tasks
Authors:
Richard Cheng,
Gabor Orosz,
Richard M. Murray,
Joel W. Burdick
Abstract:
Reinforcement Learning (RL) algorithms have found limited success beyond simulated applications, and one main reason is the absence of safety guarantees during the learning process. Real world systems would realistically fail or break before an optimal controller can be learned. To address this issue, we propose a controller architecture that combines (1) a model-free RL-based controller with (2) model-based controllers utilizing control barrier functions (CBFs) and (3) on-line learning of the unknown system dynamics, in order to ensure safety during learning. Our general framework leverages the success of RL algorithms to learn high-performance controllers, while the CBF-based controllers both guarantee safety and guide the learning process by constraining the set of explorable policies. We utilize Gaussian Processes (GPs) to model the system dynamics and its uncertainties.
Our novel controller synthesis algorithm, RL-CBF, guarantees safety with high probability during the learning process, regardless of the RL algorithm used, and demonstrates greater policy exploration efficiency. We test our algorithm on (1) control of an inverted pendulum and (2) autonomous car-following with wireless vehicle-to-vehicle communication, and show that our algorithm attains much greater sample efficiency in learning than other state-of-the-art algorithms and maintains safety during the entire learning process.
Submitted 20 March, 2019;
originally announced March 2019.
-
Detecting Adversarial Examples via Neural Fingerprinting
Authors:
Sumanth Dathathri,
Stephan Zheng,
Tianwei Yin,
Richard M. Murray,
Yisong Yue
Abstract:
Deep neural networks are vulnerable to adversarial examples, which dramatically alter model output using small input changes. We propose Neural Fingerprinting, a simple, yet effective method to detect adversarial examples by verifying whether model behavior is consistent with a set of secret fingerprints, inspired by the use of biometric and cryptographic signatures. The benefits of our method are that 1) it is fast, 2) it is prohibitively expensive for an attacker to reverse-engineer which fingerprints were used, and 3) it does not assume knowledge of the adversary. In this work, we pose a formal framework to analyze fingerprints under various threat models, and characterize Neural Fingerprinting for linear models. For complex neural networks, we empirically demonstrate that Neural Fingerprinting significantly improves on state-of-the-art detection mechanisms by detecting the strongest known adversarial attacks with 98-100% AUC-ROC scores on the MNIST, CIFAR-10 and MiniImagenet (20 classes) datasets. In particular, the detection accuracy of Neural Fingerprinting generalizes well to unseen test-data under various black- and whitebox threat models, and is robust over a wide range of hyperparameters and choices of fingerprints.
Submitted 14 June, 2019; v1 submitted 10 March, 2018;
originally announced March 2018.
-
Decomposing GR(1) Games with Singleton Liveness Guarantees for Efficient Synthesis
Authors:
Sumanth Dathathri,
Richard M. Murray
Abstract:
Temporal logic based synthesis approaches are often used to find trajectories that are correct-by-construction for tasks in systems with complex behavior. Some examples of such tasks include synchronization for multi-agent hybrid systems and reactive motion planning for robots. However, the scalability of such approaches is of concern and at times a bottleneck when transitioning from theory to practice. In this paper, we identify a class of problems in the GR(1) fragment of linear-time temporal logic (LTL) where the synthesis problem allows for a decomposition that enables easy parallelization. This decomposition also reduces the alternation depth, resulting in more efficient synthesis. A multi-agent robot gridworld example with coordination tasks is presented to demonstrate the application of the developed ideas and also to perform empirical analysis for benchmarking the decomposition-based synthesis approach.
Submitted 20 September, 2017;
originally announced September 2017.
-
Model Predictive Control for Signal Temporal Logic Specification
Authors:
Vasumathi Raman,
Alexandre Donzé,
Mehdi Maasoumy,
Richard M. Murray,
Alberto Sangiovanni-Vincentelli,
Sanjit A. Seshia
Abstract:
We present a mathematical programming-based method for model predictive control of cyber-physical systems subject to signal temporal logic (STL) specifications. We describe the use of STL to specify a wide range of properties of these systems, including safety, response and bounded liveness. For synthesis, we encode STL specifications as mixed integer-linear constraints on the system variables in the optimization problem at each step of a receding horizon control framework. We prove correctness of our algorithms, and present experimental results for controller synthesis for building energy and climate control.
Submitted 28 March, 2017;
originally announced March 2017.
-
A multi-paradigm language for reactive synthesis
Authors:
Ioannis Filippidis,
Richard M. Murray,
Gerard J. Holzmann
Abstract:
This paper proposes a language for describing reactive synthesis problems that integrates imperative and declarative elements. The semantics is defined in terms of two-player turn-based infinite games with full information. Currently, synthesis tools accept linear temporal logic (LTL) as input, but this description is less structured and does not facilitate the expression of sequential constraints. This motivates the use of a structured programming language to specify synthesis problems. Transition systems and guarded commands serve as imperative constructs, expressed in a syntax based on that of the modeling language Promela. The syntax allows defining which player controls data and control flow, and separating a program into assumptions and guarantees. These notions are necessary for input to game solvers. The integration of imperative and declarative paradigms allows using the paradigm that is most appropriate for expressing each requirement. The declarative part is expressed in the LTL fragment of generalized reactivity(1), which admits efficient synthesis algorithms, extended with past LTL. The implementation translates Promela to input for the Slugs synthesizer and is written in Python. The AMBA AHB bus case study is revisited and synthesized efficiently, identifying the need to reorder binary decision diagrams during strategy construction, in order to prevent the exponential blowup observed in previous work.
Submitted 2 February, 2016;
originally announced February 2016.
-
Symbolic construction of GR(1) contracts for synchronous systems with full information
Authors:
Ioannis Filippidis,
Richard M. Murray
Abstract:
This work proposes a symbolic algorithm for the construction of assume-guarantee specifications that allow multiple agents to cooperate. Each agent is assigned goals expressed in a fragment of linear temporal logic known as generalized reactivity of rank 1 (GR(1)). These goals may be unrealizable, unless additional assumptions are made by each agent about the behavior of the other agents. The proposed algorithm constructs weakly fair assumptions for each agent, to ensure that they can cooperate successfully. A necessary requirement is that the given goals be cooperatively satisfiable. We prove that there exist games for which the GR(1) fragment with liveness properties over states is not sufficient to ensure realizability from any state in the cooperatively winning set. The obstruction is due to circular dependencies of liveness goals. To prevent circularity, we introduce nested games as a formalism to express specifications with conditional assumptions. The algorithm is symbolic, with fixpoint structure similar to the GR(1) synthesis algorithm, implying time complexity polynomial in the number of states, and linear in the number of recurrence goals.
Submitted 11 August, 2015;
originally announced August 2015.
-
Extremal Properties of Complex Networks
Authors:
Dionysios Barmpoutis,
Richard M. Murray
Abstract:
We describe the structure of connected graphs with the minimum and maximum average distance, radius, diameter, betweenness centrality, efficiency and resistance distance, given their order and size. We find tight bounds on these graph qualities for any arbitrary number of nodes and edges and analytically derive the form and properties of such networks.
Submitted 28 April, 2011;
originally announced April 2011.
-
Quantification and Minimization of Crosstalk Sensitivity in Networks
Authors:
Dionysios Barmpoutis,
Richard M. Murray
Abstract:
Crosstalk is defined as the set of unwanted interactions among the different entities of a network. Crosstalk is present in various degrees in every system where information is transmitted through a means that is accessible by all the individual units of the network. Using concepts from graph theory, we introduce a quantifiable measure for sensitivity to crosstalk, and analytically derive the structure of the networks in which it is minimized. It is shown that networks with an inhomogeneous degree distribution are more robust to crosstalk than corresponding homogeneous networks. We provide a method to construct the graph with the minimum possible sensitivity to crosstalk, given its order and size. Finally, for networks with a fixed degree sequence, we present an algorithm to find the optimal interconnection structure among their vertices.
Submitted 2 December, 2010;
originally announced December 2010.