Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Universal Safety Controllers with Learned Prophecies

Bernd Finkbeiner, Niklas Metzger, Satya Prakash Nayak, Anne-Kathrin Schmuck

TL;DR

The paper addresses scalability in temporal-safety controller synthesis by introducing Universal Safety Controllers (USCs) that leverage prophecies conditioned on plant behavior. It replaces costly tree-automata prophecies with compact, learnable CTL formulas to form approximate USCs, enabling learning from a small set of nominal plants and verification on unseen plants. The approach uses under- and over-approximations of prophecies and a refinement loop driven by plant observations, with on-the-fly composition and CTL-based learning (learnCTL) to produce correct controllers efficiently. Experimental results on grid-world and lily benchmarks show that learned CTL prophecies are compact, human-readable, and can substantially outperform automata-based USC methods in scalability and adaptability, while maintaining safety guarantees. Overall, the method delivers scalable, interpretable universal control for safety specifications by combining learning, formal verification, and refinement.

Abstract

\emph{Universal Safety Controllers (USCs)} are a promising logical control framework that guarantees the satisfaction of a given temporal safety specification when applied to any realizable plant model. Unlike traditional methods, which synthesize one logical controller over a given detailed plant model, USC synthesis constructs a \emph{generic controller} whose outputs are conditioned by plant behavior, called \emph{prophecies}. Thereby, USCs offer strong generalization and scalability benefits over classical logical controllers. However, the exact computation and verification of prophecies remain computationally challenging. In this paper, we introduce an approximation algorithm for USC synthesis that addresses these limitations via learning. Instead of computing exact prophecies, which reason about sets of trees via automata, we only compute under- and over-approximations from (small) example plants and infer computation tree logic (CTL) formulas as representations of prophecies. The resulting USC generalizes to unseen plants via a verification step and offers improved efficiency and explainability through small and concise CTL prophecies, which remain human-readable and interpretable. Experimental results demonstrate that our learned prophecies remain generalizable, yet are significantly more compact and interpretable than their exact tree automata representations.

Universal Safety Controllers with Learned Prophecies

TL;DR

The paper addresses scalability in temporal-safety controller synthesis by introducing Universal Safety Controllers (USCs) that leverage prophecies conditioned on plant behavior. It replaces costly tree-automata prophecies with compact, learnable CTL formulas to form approximate USCs, enabling learning from a small set of nominal plants and verification on unseen plants. The approach uses under- and over-approximations of prophecies and a refinement loop driven by plant observations, with on-the-fly composition and CTL-based learning (learnCTL) to produce correct controllers efficiently. Experimental results on grid-world and lily benchmarks show that learned CTL prophecies are compact, human-readable, and can substantially outperform automata-based USC methods in scalability and adaptability, while maintaining safety guarantees. Overall, the method delivers scalable, interpretable universal control for safety specifications by combining learning, formal verification, and refinement.

Abstract

\emph{Universal Safety Controllers (USCs)} are a promising logical control framework that guarantees the satisfaction of a given temporal safety specification when applied to any realizable plant model. Unlike traditional methods, which synthesize one logical controller over a given detailed plant model, USC synthesis constructs a \emph{generic controller} whose outputs are conditioned by plant behavior, called \emph{prophecies}. Thereby, USCs offer strong generalization and scalability benefits over classical logical controllers. However, the exact computation and verification of prophecies remain computationally challenging. In this paper, we introduce an approximation algorithm for USC synthesis that addresses these limitations via learning. Instead of computing exact prophecies, which reason about sets of trees via automata, we only compute under- and over-approximations from (small) example plants and infer computation tree logic (CTL) formulas as representations of prophecies. The resulting USC generalizes to unseen plants via a verification step and offers improved efficiency and explainability through small and concise CTL prophecies, which remain human-readable and interpretable. Experimental results demonstrate that our learned prophecies remain generalizable, yet are significantly more compact and interpretable than their exact tree automata representations.

Paper Structure

This paper contains 16 sections, 4 theorems, 1 equation, 6 figures, 4 algorithms.

Table of Contents

  1. Introduction
  2. Motivating Example
  3. Overview
  4. Related Work
  5. Preliminaries
  6. Universal Controller Synthesis
  7. Approximations of Universal Controllers
  8. Approximations
  9. Refinements
  10. Computing Refinements
  11. Synthesis with Learned Prophecies
  12. Learning CTL Formulas for Approximations
  13. Composition with Prophecy Controllers
  14. Synthesis via Learning and Refinement
  15. Experimental Evaluation
  16. ...and 1 more sections

Key Result

Lemma 1

For an approximation $\mathcal{W} = (\mathcal{A},\underline{\kappa},\overline{\kappa})$, its under-approximation $\underline{\mathcal{W}} = (\mathcal{A},\underline{\kappa})$ is correct and its over-approximation $\overline{\mathcal{W}} = (\mathcal{A},\overline{\kappa})$ is most permissive for all pl

Figures (6)

  • Figure 1: A plant that models the occupancy of processors in the load balancer example. We use $*$ to represent edges that are taken whenever no other edge guard is satisfied.
  • Figure 2: An approximate USC with CTL prophecies.
  • Figure 3: An overview of UCLearn.
  • Figure 4: A plant for the load balancer example that only signals $\mathit{busy}$ when processors are overloaded. We use $*$ to represent edges that are taken whenever no other edge guard is satisfied.
  • Figure 5: A refined prophecy controller for the load balancer example, where the CTL prophecy $\Phi_i$ is given by $\forall\operatorname{ }(\mathit{overload}\Rightarrow\mathit{asgn}_i)$ for $i\in\{1,2\}$.
  • ...and 1 more figures

Theorems & Definitions (12)

  • Definition 1: Prophecy-annotated controller
  • Definition 2: Consistency
  • Definition 3: Correctness
  • Definition 4: Permissiveness
  • Definition 5: Universal Controller
  • Definition 6: Approximations
  • Lemma 1
  • Definition 7: Refinement
  • Theorem 1
  • Corollary 1
  • ...and 2 more