
Statistical Reachability Analysis of Stochastic Cyber-Physical Systems under Distribution Shift

Navid Hashemi, Lars Lindemann, Jyotirmoy V. Deshmukh

TL;DR

This work tackles safety guarantees for stochastic cyber-physical systems described by black-box simulators that may exhibit distribution shift between training and deployment. It introduces a data-driven pipeline that learns a Lipschitz-bounded neural surrogate to predict $\mathrm{K}$-step trajectories, uses quantile-loss training to reduce reachability conservatism, and applies robust conformal inference to quantify and compensate for distribution shift via an $f$-divergence-based radius $\tau$. A surrogate flowpipe is inflated with a robustly-calibrated zonotope to produce a $\delta$-confident reach set that holds for all real deployments within $\mathcal{P}_{f,\tau}(\mathcal{D}_{S,\mathrm{K}}^{\mathsf{sim}})$, with efficient scaling-factor updates via linear programming. The approach demonstrates improved data efficiency and tighter guarantees on challenging high-dimensional systems (e.g., a 12-D quadcopter) while highlighting the essential role of robust conformal inference in maintaining safety under distribution shift.

Abstract

Reachability analysis is a popular method to give safety guarantees for stochastic cyber-physical systems (SCPSs) that takes in a symbolic description of the system dynamics and uses set-propagation methods to compute an overapproximation of the set of reachable states over a bounded time horizon. In this paper, we investigate the problem of performing reachability analysis for an SCPS that does not have a symbolic description of the dynamics, but instead is described using a digital twin model that can be simulated to generate system trajectories. An important challenge is that the simulator implicitly models a probability distribution over the set of trajectories of the SCPS; however, it is typical to have a sim2real gap, i.e., the actual distribution of the trajectories in a deployment setting may be shifted from the distribution assumed by the simulator. We thus propose a statistical reachability analysis technique that, given a user-provided threshold $1-\epsilon$, provides a set that guarantees that any reachable state during deployment lies in this set with probability not smaller than this threshold. Our method is based on three main steps: (1) learning a deterministic surrogate model from sampled trajectories, (2) conducting reachability analysis over the surrogate model, and (3) employing robust conformal inference using an additional set of sampled trajectories to quantify the surrogate model's distribution shift with respect to the deployed SCPS. To counter conservatism in reachable sets, we propose a novel method to train surrogate models that minimizes a quantile loss term (instead of the usual mean squared loss), and a new method that provides tighter guarantees using conformal inference using a normalized surrogate error. We demonstrate the effectiveness of our technique on various case studies.

Paper Structure

This paper contains 6 sections, 2 theorems, 29 equations, 4 figures, 2 tables.

Key Result

Lemma 1

Assume $R^*_{\delta,\tau}$ is the $\bar{\delta}$-quantile computed over the residuals $R_i$ from the calibration dataset $\mathcal{R}^{\mathsf{calib}}$. For the residual $R = \max\left( \alpha_1 R^1 , \alpha_2 R^2, \cdots, \alpha_{n\mathrm{K}}R^{n\mathrm{K}} \right)$ sampled from the distribution $\ where $R^j$ is again the component-wise residual for $j\in [n\mathrm{K}]$.
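The calibration step behind the scaled max-residual $R = \max_j \alpha_j R^j$ and its robust quantile, as an added example that is not the paper's code. It assumes total variation as the $f$-divergence (any deployment distribution within TV distance $\tau$ loses at most $\tau$ coverage, so the quantile level becomes $\delta + \tau$), an axis-aligned box in place of the inflating zonotope, hand-picked $\alpha_j$ instead of the linear program, and constructed residual data.

```python
import math
import random

def robust_level(delta, tau, n):
    """Calibration quantile level giving coverage >= delta on any deployment
    distribution within total-variation distance tau of the calibration
    distribution, including the finite-sample (n+1)/n correction."""
    level = (delta + tau) * (n + 1) / n
    if level > 1.0:
        raise ValueError("too few calibration samples for this delta and tau")
    return level

def robust_conformal_radius(residuals, alpha, delta, tau):
    """residuals: n rows of per-component errors |R^j|; alpha: scaling factors.
    Returns (R_star, per-component half-widths R_star / alpha_j)."""
    n = len(residuals)
    scores = sorted(max(a * r for a, r in zip(alpha, row)) for row in residuals)
    k = math.ceil(robust_level(delta, tau, n) * n)  # rank of the quantile
    r_star = scores[k - 1]
    return r_star, [r_star / a for a in alpha]

def coverage(residuals, half_widths):
    """Fraction of rows whose every component error lies inside the box."""
    hits = sum(all(r <= h for r, h in zip(row, half_widths)) for row in residuals)
    return hits / len(residuals)

def sample(n, scale, rng):
    # Constructed data: 4 residual components with different magnitudes.
    sigmas = [0.1, 0.5, 1.0, 2.0]
    return [[abs(rng.gauss(0, s * scale)) for s in sigmas] for _ in range(n)]

def demo(seed=0):
    rng = random.Random(seed)
    calib = sample(5000, 1.0, rng)                # "sim" calibration residuals
    alpha = [1 / 0.1, 1 / 0.5, 1 / 1.0, 1 / 2.0]  # hypothetical normalization
    _, plain = robust_conformal_radius(calib, alpha, 0.95, 0.0)
    _, robust = robust_conformal_radius(calib, alpha, 0.95, 0.03)
    # Constructed "real" data: 2% of samples have 5x larger errors, which is
    # a total-variation shift of at most 0.02, inside the tau = 0.03 budget.
    real = [r if rng.random() > 0.02 else s
            for r, s in zip(sample(20000, 1.0, rng), sample(20000, 5.0, rng))]
    return coverage(real, plain), coverage(real, robust)

if __name__ == "__main__":
    print("coverage on shifted data (plain, robust):", demo())
```

On the shifted data the box calibrated with $\tau = 0$ falls below the $95\%$ target, while the one calibrated with $\tau = 0.03$ stays above it.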

Figures (4)

  • Figure 1: Flowpipe for $x_k$ and $y_k$ over time steps. The red borders are for flowpipes generated by MSE loss function and the blue ones are for quantile based loss function. The shaded region shows an approximation of flowpipe by recording trajectories, and the darkness of the green color shows the density of the trajectories. The black lines are the borders for the shaded region. The shaded area is generated via $300000$ trajectories.
  • Figure 2: Distribution of $\mathbf{UB}/(n\mathrm{K})$ for the MSE and the quantile-based NNs for $3\times 10^5$ samples. The $95\%$-quantile of variable $\mathbf{UB}/(n\mathrm{K})$ represents the surface area of the obtained inflating zonotope. The figure is cropped for better visibility.
  • Figure 3: The proposed flowpipes computed for the quadcopter dynamics, for each state component, over a time horizon of $100$ time steps with $\delta t = 0.05$, i.e., $5$ seconds of quadcopter operation. The red borders show the flowpipe that contains trajectories from $\mathcal{D}_{S,\mathrm{K}}^{\mathsf{sim}}$ with provable coverage of $\delta \geq 99.99\%$. The green shaded area shows the density of a collection of $300,000$ of these trajectories; a darker color means a higher density of traces. The blue borders show a flowpipe that contains the trajectories from distribution $\mathcal{D}_{S,\mathrm{K}}^{\mathsf{sim}}$ with $\delta \geq 95\%$. The dotted black line shows the border of the collected simulated trajectories.
  • Figure 4: The density of trajectories starting from $\mathcal{I}_3$ versus their computed flowpipes. The green color-bar represents the density of traces from $\mathcal{D}_{S,\mathrm{K}}^{\mathsf{sim}}$, and the blue color-bar is for traces from $\mathcal{D}_{S,\mathrm{K}}^{\mathsf{real}}$. The shaded areas are generated via $3\times10^5$ different trajectories, and the dotted lines represent their border. a) Shows two different flowpipes for TRVDP dynamics with confidence level of $0.9999$ on $\mathcal{D}_{S,\mathrm{K}}^{\mathsf{sim}}$. The tighter flowpipe (blue color) utilizes the linear programming \ref{eq:alphoptim} while the looser one (red color) does not. b) Shows a flowpipe that covers trajectories from $\mathcal{D}_{S,\mathrm{K}}^{\mathsf{real}}$ with the confidence level of $77\%$ and also covers the traces from $\mathcal{D}_{S,\mathrm{K}}^{\mathsf{sim}}$ with the confidence level of $99.5\%$. The blue shaded area is for $\mathcal{D}_{S,\mathrm{K}}^{\mathsf{real}}$ and the green shaded area is for $\mathcal{D}_{S,\mathrm{K}}^{\mathsf{sim}}$. c) Shows the vector field of TRVDP dynamics, which illustrates the instability of the system.

Theorems & Definitions (13)

  • Example 1
  • Definition 1
  • Definition 2: Residual Error
  • Definition 3: $\delta$-Confident Flowpipe
  • Definition 4: Surrogate flowpipe
  • Definition 5: Calibration Dataset
  • Remark 1
  • Lemma 1
  • proof
  • Definition 6: Inflating Zonotope
  • ...and 3 more