formal methods, machine learning, and cyber …sseshia/talks/seshia...“temporal logic planning and...
TRANSCRIPT
![Page 1: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/1.jpg)
Formal Methods, Machine Learning, and Cyber‐Physical Systems
Sanjit A. SeshiaProfessor
UC Berkeley
ATVA 2018 TutorialOctober 7, 2018
![Page 2: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/2.jpg)
Formal Methods
Machine Learning
Cyber-Physical Systems
Connections in this Lecture
1
2
![Page 3: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/3.jpg)
Synthesis of Controllers/Plans for Cyber‐Physical Systems
S. A. Seshia 3
[Shoukry et al., HSCC 2017, CDC 2017, Proc. IEEE 2018;Desai et al. ICCPS 2017; Saha et al., IROS 2014]
Joint work with:Ankush Desai, Shromona Ghosh, Pierluigi Nuzzo, Indranil Saha, Yasser Shoukry, Vijay Kumar, George Pappas, Shaz Qadeer,
Alberto Sangiovanni‐Vincentelli, Paulo Tabuada
![Page 4: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/4.jpg)
TerraSwarm Research Center & NSF ExCAPE project
Goal: Correct‐by‐Construction Motion Planning for Robotics
4
Declarative Task Specification (Temporal Logic)[+ Examples]
Safe, Correct Executable Software
ComponentLibrary
CompilerDrone executing plan in ROS/Gazebo Simulator
![Page 5: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/5.jpg)
Challenges
• Scalable synthesis of motion plans blending high‐level (discrete) and low‐level (continuous) control
• Implementation in software on top of networked robotics platforms
• Dealing with untrusted components, uncertainty in environment, and ML‐based perception
S. A. Seshia 5
![Page 6: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/6.jpg)
Motion Planning Problem
6
• Problem: Compute an obstacle‐free trajectory that is feasible with the given robot dynamics within the target workspace.
• Core problem for autonomous vehicles
• Challenges:
– Handling high‐level tasks (captured by formalisms such as Linear Temporal Logic)
– Handling distributed team of robots
– Handling uncertainty
[Shoukry et al., HSCC 2017, CDC 2017, Proc. IEEE 2018;Saha et al., IROS 2014]
![Page 7: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/7.jpg)
Related Work: Sampling-based Methods
• S. Karaman and E. Frazzoli, “Optimal kinodynamic motion planning using incremental sampling-based methods,” CDC 2010.
• A. Bhatia, L. E. Kavraki, and M. Y. Vardi, “Sampling-based motion planning with temporal goals,” ICRA 2010.
• A. Perez, R. Platt, G. Konidaris, L. Kaelbling, and T. Lozano Perez, “LQR-RRT: Optimal sampling-based motion planning with automatically derived extension heuristics,” ICRA 2012
• Do not handle high-level specifications given by formal models, such as LTL.
7
![Page 8: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/8.jpg)
Related Work: Abstraction Based Techniques
8
Discrete Continuous
X
Scales poorly as the number of continuousstates increases
• P. Tabuada and G. J. Pappas, “Linear time logic control of discrete-time linear systems,” TAC 2006.
• M. Kloetzer and C. Belta, “Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007.
• G. E. Fainekos, A. Girard, H. Kress-Gazit, and G. J. Pappas, “Temporal logic motion planning for dynamic robots,” Automatica 2009.
• …
![Page 9: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/9.jpg)
Related Work: Optimization Based Techniques
9
Discrete Continuous• Alberto Bemporad and Manfred
Morari, “Control of systems integrating logic, dynamics, and constraints,” Automatica, 35(3), 1999.
• E. M. Wolff, U. Topcu, and R. M. Murray, “Optimization-based trajectory generation with linear temporal logic specifications,” ICRA 2014.
• V. Raman, A. Donze, D. Sadigh, R. Murray, S. Seshia, “Reactive synthesis from signal temporal logic specifications,” HSCC 2015.
• …
Scales poorly as the number of discretestates increases
![Page 10: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/10.jpg)
Two Extremes
10
Discrete Continuous(Abstraction based)
Discrete Continuous(Optimization based)
X
Scales poorly as the number of continuousstates increases
Scales poorly as the number of discretestates increases
![Page 11: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/11.jpg)
Boolean Constraints
Convex Constraints
Satisfiability Modulo Convex Programming
11
• SAT Solvers: central tools in formal methods to reason about discrete dynamics.
• Convex Optimization: central tools in control theory to reason about continuous dynamics.
• Approach for hybrid dynamics: SAT Solving + Convex Programming
Convex Optimization
Mixed IntegerProgramming
SAT + ConvexSAT Solvers SMT
Solvers
[Shoukry et al., HSCC 2017]
![Page 12: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/12.jpg)
Motivating Example: Obstacle Avoidance
12
• Given:• Robot dynamics (linear)• Input constraints• Initial and final states
• Generate the input sequence (controller)
![Page 13: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/13.jpg)
Motivating Example: Obstacle Avoidance
13
• Given:• Robot dynamics (linear)• Input constraints• Initial and final states
• Generate the input sequence (controller)
![Page 14: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/14.jpg)
Motivating Example: Obstacle Avoidance
14
![Page 15: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/15.jpg)
Motivating Example: Obstacle Avoidance
15
![Page 16: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/16.jpg)
Motivating Example: Obstacle Avoidance
16
SMC FormulaMonotoneDefinition:
![Page 17: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/17.jpg)
Applications: Controller Synthesis
17
Obstacle Avoidance
LTL Motion Planning
Multi-robotMotion Planning
![Page 18: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/18.jpg)
Secure Traffic Routing
Applications: CPS Security
18
Secure Localization
Secure State Estimation
![Page 19: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/19.jpg)
Satisfiability Modulo Convex Programming
19
Monotone SMC Formula
The satisfiability of the monotone SMC formula can always be cast as a feasibility problem for a finite disjunction of convex constraints.
Any feasibility problem for a finite disjunction of convex programs can be posed as a satisfiability problem for a monotone SMC formula.
Theorem:
![Page 20: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/20.jpg)
Complexity of Solving SMC
20
Reduce the number of iterations?
Monotone SMC Formula
![Page 21: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/21.jpg)
Solving SMC
21
Key idea: abstraction-based search
Monotone SMC Formula
![Page 22: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/22.jpg)
• Step 0:• Given a monotone SMC formula , construct its
Boolean expansion:
where is obtained from by replacing each convex constraint with a Boolean variable
Boolean Expansion
22
Lemma:and are equi-satisfiable.
![Page 23: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/23.jpg)
Solver Operation
23
• Step I: Solve the “Booleanabstraction” of the problem.
• Step II: Extract which convexconstraints are active.
• Step III: Check the satisfiability of:
• Step IV: Generate UNSAT certificate:
![Page 24: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/24.jpg)
Solver Operation
24
Performance?
![Page 25: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/25.jpg)
Minimal UNSAT Certificate
25
• Finding a minimal UNSAT certificate is equivalent to finding an Irreducible Infeasible Set (IIS) of:
• NP-hard in general.
• However, our problem has more structure than general IIS problems.
• Can we exploit the structure of the Boolean constraintsto help find the IIS of the convex program?
![Page 26: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/26.jpg)
Summary of UNSAT certificates
26
UNSAT Certificate Minimal
Complexity(number of convex
problems)
Trivial No Constant
IIS Yes Exponential
Sum of Slacks Yes* Linear
Minimum Prefix Yes* Constant
* under reasonable technical assumptions
Monotone SMC Formula
![Page 27: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/27.jpg)
Minimum Prefix Certificates
27
Example: switched linear/convex systems, motion planning
![Page 28: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/28.jpg)
Minimum Prefix Certificates
28
Example: switched linear/convex systems, motion planning
![Page 29: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/29.jpg)
Minimum Prefix Certificates
29
Example: switched linear/convex systems, motion planning
![Page 30: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/30.jpg)
Minimum Prefix Certificates
30
Example: switched linear/convex systems, motion planning
![Page 31: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/31.jpg)
Minimum Prefix Certificates
31
Key idea: Find the “shortest” UNSAT certificate (e.g., the shortest prefix witness of a safety property violation).
Example: switched linear/convex systems, motion planning
![Page 32: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/32.jpg)
Minimum Prefix Certificates
32
Key idea: Find the “shortest” UNSAT certificate (e.g., the shortest prefix witness of a safety property violation).
Example: switched linear/convex systems, motion planning
![Page 33: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/33.jpg)
Minimum Prefix Certificates
33
Definition: Positively Ordered Unate (POU) FunctionA function is said to be POU with respect to an ordering of its variables if for all values of bi, we have
Theorem:Consider a monotone SMC formula and its Boolean abstraction . If: (1) is positively ordered unate(2) the domain of the real variables is boundedthen minimal UNSAT certificates exist and can be computed in constant time.
![Page 34: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/34.jpg)
Theorem:Let s* be the solution of the above optimization problem. If k* is the minimal index such that |s*|> 0, then the certificate: is the minimum prefix certificate.
Minimum Prefix Certificates
34
![Page 35: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/35.jpg)
Summary of UNSAT certificates
35
UNSAT Certificate Minimal
Complexity(number of convex
problems)
Trivial No Constant
IIS Yes Exponential
Sum of Slacks Yes* Linear
Minimum Prefix Yes* Constant
* under reasonable technical assumptions
Monotone SMC Formula
![Page 36: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/36.jpg)
Scalability Results
36
Increase the number of Boolean constraints#Boolean variables = 4800#Real variables = 100
Increase the number of Real variables#Boolean variables = 4800#Boolean constraints = 7000
10000 x
http://yshoukry.bitbucket.io/SatEX
![Page 37: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/37.jpg)
Results(1): Single Robot, Reach-Avoid
10000 x
Syclop (Synergistic Combination of Layers Of Planning):- High level planner + low level RRT/EST- outperform traditional sampling-based algorithms by orders of magnitude
Z3 and MILP (LTL OPT) times outtime out =1 hour
SMC generated trajectories (blue) aresmoother than Syclop generated traje
![Page 38: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/38.jpg)
Result (2): LTL Motion Planning
![Page 39: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/39.jpg)
Result (3): Multi-Robot, LTL
![Page 40: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/40.jpg)
Result (4): Secure CPS
40
Under attack - no protection Under attack - with protection
![Page 41: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/41.jpg)
Challenges
• Scalable synthesis of motion plans blending high‐level (discrete) and low‐level (continuous) control
• Implementation in software on top of networked robotics platforms
• Dealing with untrusted components, uncertainty in environment, and ML‐based perception
S. A. Seshia 41
![Page 42: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/42.jpg)
Robotics Software Stack
Challenges• High‐Level Programming
of Event‐Driven Software• Reliable Networked
Behavior• Verification in the
Presence of Black/Gray‐box Components
• Guaranteeing Safety via Run‐time assurance
42
![Page 43: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/43.jpg)
Contributions:1. Provably correct decentralized motion planner that
can perform on‐the‐fly collision‐free planning robust against network clock‐synchronization errors.
2. A verified software stack for distributed mobile robotics.
3. High‐level ModP language, back‐end model checker, and code generation to ROS/other SDKs.
Achievements: Programmed multiple drone platforms (Astec‐
Firefly, CrazyFlie, ROS, etc.). Framework efficiently scales for large workspaces
with 128 robots.
Verified software stack
“DRONA: A Framework for Safe Distributed Mobile Robotics”, A. Desai et al., ICCPS 2017.
Drona: A Software Framework for Distributed Mobile Robotics
43
![Page 44: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/44.jpg)
Drona scalability experiment: 64 drones in simulation
TerraSwarm Research Center 44
![Page 45: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/45.jpg)
Challenges
• Scalable synthesis of motion plans blending high‐level (discrete) and low‐level (continuous) control
• Implementation in software on top of networked robotics platforms
• Dealing with untrusted components, uncertainty in environment, and ML‐based perception
S. A. Seshia 45
![Page 46: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/46.jpg)
Simplex Architecture for Run‐Time Assurance of Periodic Real‐Time Systems
46
[Lui Sha, RTSS’98]
Already used in fault‐tolerant avionics systems
![Page 47: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/47.jpg)
Our Approach: Controlled Reachable Sets for Reach‐Avoid Objectives
47
[Desai et al., “SOTER: Programming Safe Robotics Systems using Runtime Assurance”, 2018.
Theorem: The following is an inductive invariant: Mode = SC s safe
Mode = AC Reach(s,*,) safe
Period
![Page 48: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/48.jpg)
Results: Drone Navigating in an Unknown Workspace (reach‐avoid problems)
S. A. Seshia 48
![Page 49: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/49.jpg)
Summary• Scalable synthesis of motion plans blending high‐level (discrete) and low‐level (continuous) control SMC
• Implementation in software on top of networked robotics platforms Drona
• Dealing with untrusted components, uncertainty in environment, and ML‐based perception Run‐time assurance + more… See tomorrow’s talk!
S. A. Seshia 49
![Page 50: Formal Methods, Machine Learning, and Cyber …sseshia/talks/Seshia...“Temporal Logic Planning and Control of Robotic Swarms by Hierarchical Abstractions,” TAC 2007. • G. E](https://reader033.vdocuments.mx/reader033/viewer/2022042411/5f29fcd4be6c3810f110dd55/html5/thumbnails/50.jpg)
Formal Methods
Machine Learning
Cyber-Physical Systems
Summary of the Lecture
1
2
3