Barrier-Based Test Synthesis for Safety-Critical Systems Subject to Timed Reach-Avoid Specifications

Prithvi Akella, Mohamadreza Ahmadi, Richard M. Murray, Aaron D. Ames

TL;DR

The paper addresses how to generate controller-agnostic, adversarial tests for safety-critical systems operating under timed reach-avoid specifications. It introduces a minimax test-synthesis framework built on control barrier functions to produce realizable and maximally difficult tests in both continuous- and discrete-time settings, with extensions to perturbed dynamics and time-varying constraints. The authors provide theoretical guarantees of existence and optimality for the generated tests, along with illustrative unicycle and grid-world examples and hardware experiments with a quadruped. This approach enables rigorous testing and evaluation of safety-critical controllers by exposing worst-case and time-varying failure modes without requiring knowledge of the actual controller. The work has practical impact for robust test and evaluation pipelines in autonomous systems, offering a formal method to stress-test controllers and inform design improvements.

Abstract

We propose an adversarial, time-varying test-synthesis procedure for safety-critical systems without requiring specific knowledge of the underlying controller steering the system. From a broader test and evaluation context, determination of difficult tests of system behavior is important as these tests would elucidate problematic system phenomena before these mistakes can engender problematic outcomes, e.g. loss of human life in autonomous cars, costly failures for airplane systems, etc. Our approach builds on existing, simulation-based work in the test and evaluation literature by offering a controller-agnostic test-synthesis procedure that provides a series of benchmark tests with which to determine controller reliability. To achieve this, our approach codifies the system objective as a timed reach-avoid specification. Then, by coupling control barrier functions with this class of specifications, we construct an instantaneous difficulty metric whose minimizer corresponds to the most difficult test at that system state. We use this instantaneous difficulty metric in a game-theoretic fashion, to produce an adversarial, time-varying test-synthesis procedure that does not require specific knowledge of the system's controller, but can still provably identify realizable and maximally difficult tests of system behavior. Finally, we develop this test-synthesis procedure for both continuous and discrete-time systems and showcase our test-synthesis procedure on simulated and hardware examples.

Paper Structure

This paper contains 25 sections, 17 theorems, 81 equations, and 8 figures.

Key Result

Theorem 1

Let Assumption \ref{assump:continous_assumption} hold. The test synthesizer in equation \ref{eq:feedback_law} is guaranteed to have a solution $d \in \mathcal{D}$ for every $x \in \mathcal{X}$, i.e.

Figures (8)

  • Figure 1: A general flowchart of our test-synthesis procedure for safety-critical systems subject to Timed Reach-Avoid Specifications. We assume the specification $\psi$ that influences the safe controller is expressible via barrier functions $h_f, h_g$. Simultaneously, these same barrier functions are used in a game-theoretic test-synthesis procedure that exploits model knowledge to develop tests that are provably realizable and maximally difficult.
  • Figure 2: Example setup for Example \ref{ex:turtle}. The agent is shown via the blue arrow, the obstacles via the black circles of varying sizes, and the goal via the golden circle. The corresponding 0-superlevel and sublevel sets follow the same color scheme as shown in the legend.
  • Figure 3: Minimization of the difficulty measure $M$ defined in equation \ref{eq:cont_ex_difficulty_measure}, for the autonomous agent example in Section \ref{sec:cont_examples}. Notice that in each of the three cases shown, the output of the minimax test synthesizer in equation \ref{eq:cont_ex_test_synthesizer} accurately identifies a test that minimizes the corresponding difficulty measure; the color bar is shown on the right-hand side.
  • Figure 4: Example obstacle placements produced by our test-synthesis procedure defined in equation \ref{eq:cont_ex_test_synthesizer} for the unicycle example in Section \ref{sec:cont_examples}. (Top Left) Feasible test space $\mathcal{D}$ with the partitioning offered by $\Gamma(x)$ for $x = [-0.5, 0.5, \pi/4]^T$. $\Gamma(x)$ is defined in equation \ref{eq:gamma_set}. Notice how twenty different solutions to the same minimax problem \ref{eq:cont_ex_test_synthesizer} all yield a test parameter vector $d \in \Gamma(x)$, as theorized in the proof of Theorem \ref{thm:existence}. (Top Right) Four specific tests generated by the same test synthesizer in equation \ref{eq:cont_ex_test_synthesizer} for the same system state. (Bottom) Figures showing the same information as above, except that the system state has changed to $x = [0.5, -0.5, \pi/2]^T$.
  • Figure 5: Example discrete-time setting for Section \ref{sec:disc_extensions}.
  • ...and 3 more figures

Theorems & Definitions (27)

  • Definition 1
  • Definition 2
  • Example 1
  • Definition 3
  • Definition 4
  • Definition 5
  • Example 2
  • Definition 6
  • Definition 7
  • Definition 8
  • ...and 17 more