Adaptive GR(1) Specification Repair for Liveness-Preserving Shielding in Reinforcement Learning
Tiberiu-Andrei Georgescu, Alexander W. Goodall, Dalal Alrajeh, Francesco Belardinelli, Sebastian Uchitel
TL;DR
The paper tackles ensuring safety and liveness for reinforcement learning agents when environmental assumptions may be violated. It introduces RepairRL, an online framework that uses GR(1) specifications to synthesize a shield, detects runtime assumption violations via an Environment Checker, and repairs the specification online with ILP-guided SpecRepair to yield a new shield and updated winning region. This approach preserves safety with minimal intervention, while enabling near-optimal rewards, as demonstrated in Minepump and Seaquest experiments. The framework emphasizes interpretability, providing human-readable explanations of shield changes, and shows practical viability through polynomial-time GR(1) synthesis and online adaptation. Overall, adaptive GR(1) specification repair offers a principled, scalable way to maintain safety and liveness in RL under evolving or misspecified environments.
Abstract
Shielding is widely used to enforce safety in reinforcement learning (RL), ensuring that an agent's actions remain compliant with formal specifications. Classical shielding approaches, however, are often static, in the sense that they assume fixed logical specifications and hand-crafted abstractions. While these static shields provide safety under nominal assumptions, they fail to adapt when environment assumptions are violated. In this paper, we develop the first adaptive shielding framework - to the best of our knowledge - based on Generalized Reactivity of rank 1 (GR(1)) specifications, a tractable and expressive fragment of Linear Temporal Logic (LTL) that captures both safety and liveness properties. Our method detects environment assumption violations at runtime and employs Inductive Logic Programming (ILP) to automatically repair GR(1) specifications online, in a systematic and interpretable way. This ensures that the shield evolves gracefully, ensuring liveness is achievable and weakening goals only when necessary. We consider two case studies: Minepump and Atari Seaquest; showing that (i) static symbolic controllers are often severely suboptimal when optimizing for auxiliary rewards, and (ii) RL agents equipped with our adaptive shield maintain near-optimal reward and perfect logical compliance compared with static shields.