Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Shield Synthesis for LTL Modulo Theories

Andoni Rodriguez, Guy Amir, Davide Corsi, Cesar Sanchez, Guy Katz

TL;DR

This work extends shielding for safety guarantees from propositional LTL to $LTL_{\,\mathcal{T}}$, enabling rich data and temporal reasoning in DRL-controlled systems. It combines Boolean abstraction with reactive synthesis modulo theories to produce shields, offering two main synthesis pathways: one via a Boolean controller augmented with a provider to yield a $C_{\mathcal{T}}$, and another via shields derived from winning regions to achieve maximal permissivity. The authors formalize minimal/feasible vs. maximally permissive shields, and introduce optimization techniques (e.g., soft constraints and bounded synthesis) to produce safe corrections that are close to the original potentially unsafe outputs. Empirical results demonstrate applicability to complex data with temporal dynamics and show efficiency gains over prior approaches, expanding shield applicability beyond Boolean specifications into expressive theories.

Abstract

In recent years, Machine Learning (ML) models have achieved remarkable success in various domains. However, these models also tend to demonstrate unsafe behaviors, precluding their deployment in safety-critical systems. To cope with this issue, ample research focuses on developing methods that guarantee the safe behaviour of a given ML model. A prominent example is shielding which incorporates an external component (a ``shield'') that blocks unwanted behavior. Despite significant progress, shielding suffers from a main setback: it is currently geared towards properties encoded solely in propositional logics (e.g., LTL) and is unsuitable for richer logics. This, in turn, limits the widespread applicability of shielding in many real-world systems. In this work, we address this gap, and extend shielding to LTL modulo theories, by building upon recent advances in reactive synthesis modulo theories. This allowed us to develop a novel approach for generating shields conforming to complex safety specifications in these more expressive, logics. We evaluated our shields and demonstrate their ability to handle rich data with temporal dynamics. To the best of our knowledge, this is the first approach for synthesizing shields for such expressivity.

Shield Synthesis for LTL Modulo Theories

TL;DR

This work extends shielding for safety guarantees from propositional LTL to , enabling rich data and temporal reasoning in DRL-controlled systems. It combines Boolean abstraction with reactive synthesis modulo theories to produce shields, offering two main synthesis pathways: one via a Boolean controller augmented with a provider to yield a , and another via shields derived from winning regions to achieve maximal permissivity. The authors formalize minimal/feasible vs. maximally permissive shields, and introduce optimization techniques (e.g., soft constraints and bounded synthesis) to produce safe corrections that are close to the original potentially unsafe outputs. Empirical results demonstrate applicability to complex data with temporal dynamics and show efficiency gains over prior approaches, expanding shield applicability beyond Boolean specifications into expressive theories.

Abstract

In recent years, Machine Learning (ML) models have achieved remarkable success in various domains. However, these models also tend to demonstrate unsafe behaviors, precluding their deployment in safety-critical systems. To cope with this issue, ample research focuses on developing methods that guarantee the safe behaviour of a given ML model. A prominent example is shielding which incorporates an external component (a ``shield'') that blocks unwanted behavior. Despite significant progress, shielding suffers from a main setback: it is currently geared towards properties encoded solely in propositional logics (e.g., LTL) and is unsuitable for richer logics. This, in turn, limits the widespread applicability of shielding in many real-world systems. In this work, we address this gap, and extend shielding to LTL modulo theories, by building upon recent advances in reactive synthesis modulo theories. This allowed us to develop a novel approach for generating shields conforming to complex safety specifications in these more expressive, logics. We evaluated our shields and demonstrate their ability to handle rich data with temporal dynamics. To the best of our knowledge, this is the first approach for synthesizing shields for such expressivity.
Paper Structure (20 sections, 8 theorems, 5 equations, 1 figure, 1 table)

This paper contains 20 sections, 8 theorems, 5 equations, 1 figure, 1 table.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. LTL and $\textup{LTL}_{\mathcal{T}\xspace}\xspace$.
  4. The Synthesis Problem.
  5. Boolean Abstraction.
  6. $\textup{LTL}_{\mathcal{T}\xspace}\xspace$ Shield Computation
  7. Problem overview.
  8. Shields as Controllers.
  9. More Flexible Shields from Winning Regions.
  10. Permissive and Intrusive Shields
  11. Minimal and Feasible Reactions.
  12. Impact of Boolean Abstractions on Permissivity.
  13. Optimizations in $\textup{LTL}_{\mathcal{T}\xspace}\xspace$ Shields
  14. Shields Optimized in $\mathcal{T}\xspace$.
  15. Permissive Optimization.
  16. ...and 5 more sections

Key Result

Lemma 1

Let $\varphi_{\mathcal{T}}\xspace$ be an $\textup{LTL}_{\mathcal{T}\xspace}$ specification, $\varphi_{\mathbb{B}}\xspace$ its equi-realizable Boolean abstraction and $C_{\mathbb{B}}$ a controller for $\varphi_{\mathbb{B}}\xspace$. Let $q$ be a state of $C_{\mathbb{B}}\xspace$ after processing inputs

Figures (1)

  • Figure 1: Architectures for shields modulo theory.

Theorems & Definitions (15)

  • Example 1: Running example and abstraction
  • Example 2: Running example as shield
  • Lemma 1
  • Lemma 2
  • Theorem 1: Correctness of $D \cdot S_{\mathcal{T}\xspace}$ based on $C_{\mathcal{T}\xspace}$
  • Theorem 2: Correctness of $D \cdot S_{\mathcal{T}\xspace}$ based on WR
  • Lemma 3
  • Definition 1: MVR and Feasible
  • Definition 2: Legitimacy and Strict Covering
  • Definition 3: Covering
  • ...and 5 more