safe ai for cps
play

Safe AI for CPS Andr Platzer Carnegie Mellon University Joint work - PowerPoint PPT Presentation

Sep 21, 2022 •232 likes •1.19k views

Safe AI for CPS Andr Platzer Carnegie Mellon University Joint work with Nathan Fulton Safety-Critical Systems "How can we provide people with cyber-physical systems they can bet their lives on?" - Jeannette Wing Safety-Critical

  1. Safe AI for CPS André Platzer Carnegie Mellon University Joint work with Nathan Fulton

  2. Safety-Critical Systems "How can we provide people with cyber-physical systems they can bet their lives on?" - Jeannette Wing

  3. Safety-Critical Systems "How can we provide people with cyber-physical systems they can bet their lives on?" - Jeannette Wing

  4. This Talk Ensure the safety of Autonomous Cyber-Physical Systems. Best of both worlds: learning together with CPS safety Flexibility of learning • Guarantees of CPS formal methods • Diametrically opposed: flexibility+adaptability versus predictability+simplicity 1. Cyber-Physical Systems with Differential Dynamic Logic 2. Sandboxed reinforcement learning is provably safe 3. Model-update learning addresses uncertainty with multiple models

  5. Airborne Collision Avoidance System ACAS X Developed by FAA to replace current TCAS in aircraft ● Approximately optimizes MDP on a grid ● Advisory from lookup tables with 5D interpolation regions ● Identified safe region per advisory and proved in KeYmaera X ● dela y 1 6 2 3 5 1 4 STTT’17

  6. Comparison: ACAS X issues DNC h No change Following ownship 10,80 (ft) advisory DNC trajectory path 0 without DNC 10,400 intruder path 10,200 ownship 10,000 path with DNC 9,600 20 15 10 5 0 5 10 15 20 time to crossing (s) But CL1500 or no change would not lead to a collision

  7. Model-Based Verification Reinforcement Learning φ

  8. Model-Based Verification Reinforcement Learning pos < stopSign

  9. Model-Based Verification Reinforcement Learning ctrl pos < stopSign

  10. Model-Based Verification Reinforcement Learning ctrl pos < stopSign Approach : prove that control software achieves a specification with respect to a model of the physical system.

  11. Model-Based Verification Reinforcement Learning ctrl pos < stopSign Approach : prove that control software achieves a specification with respect to a model of the physical system.

  12. Model-Based Verification Reinforcement Learning φ Benefits: Strong safety guarantees ● Automated analysis ●

  13. Model-Based Verification Reinforcement Learning φ Benefits: Strong safety guarantees ● Automated analysis ● Drawbacks: Control policies are typically ● non-deterministic: answers “what is safe”, not “what is useful”

  14. Model-Based Verification Reinforcement Learning φ Benefits: Strong safety guarantees ● Automated analysis ● Drawbacks: Control policies are typically ● non-deterministic: answers “what is safe”, not “what is useful” Assumes accurate model ●

  15. Model-Based Verification Reinforcement Learning Act φ Benefits: Observe Strong safety guarantees ● Automated analysis ● Drawbacks: Control policies are typically ● non-deterministic: answers “what is safe”, not “what is useful” Assumes accurate model. ●

  16. Model-Based Verification Reinforcement Learning Act φ Observe Benefits: Benefits: Strong safety guarantees No need for complete model ● ● Automated analysis Optimal (effective) policies ● ● Drawbacks: Control policies are typically ● non-deterministic: answers “what is safe”, not “what is useful” Assumes accurate model. ●

  17. Model-Based Verification Reinforcement Learning Act φ Observe Benefits: Benefits: Strong safety guarantees No need for complete model ● ● Automated analysis Optimal (effective) policies ● ● Drawbacks: Drawbacks: Control policies are typically No strong safety guarantees ● ● non-deterministic: answers Proofs are obtained and ● “what is safe”, not “what is checked by hand useful” Formal proofs = decades-long ● Assumes accurate model. proof development ●

  18. Model-Based Verification Reinforcement Learning Act φ Observe Goal: Provably correct reinforcement learning Benefits: Benefits: Strong safety guarantees No need for complete model ● ● Aomputational aids (ATP) Optimal (effective) policies ● ● Drawbacks: Drawbacks: Control policies are typically No strong safety guarantees ● ● non-deterministic: answers Proofs are obtained and ● “what is safe”, not “what is checked by hand useful” Formal proofs = decades-long ● Assumes accurate model proof development ●

  19. Model-Based Verification Reinforcement Learning Act φ Observe Goal: Provably correct reinforcement learning Benefits: Benefits: 1. Learn Safety Strong safety guarantees No need for complete model ● ● 2. Learn a Safe Policy Aomputational aids (ATP) Optimal (effective) policies ● ● 3. Justify claims of safety Drawbacks: Drawbacks: Control policies are typically No strong safety guarantees ● ● non-deterministic: answers Proofs are obtained and ● “what is safe”, not “what is checked by hand useful” Formal proofs = decades-long ● Assumes accurate model proof development ●

  20. Part I: Differential Dynamic Logic Trustworthy Proofs for Hybrid Systems

  21. Hybrid Programs x := t x=x 0 x=t y=y 0 y=y 0 z=z 0 z=z 0 ... ...

  22. Hybrid Programs a;b x := t x=x 0 x=t a;b y=y 0 y=y 0 z=z 0 z=z 0 a b ... ...

  23. Hybrid Programs a;b x := t x=x 0 x=t a;b y=y 0 y=y 0 z=z 0 z=z 0 a b ... ... If P is true: no change ?P If P is false: terminate

  24. Hybrid Programs a;b x := t x=x 0 x=t a;b y=y 0 y=y 0 z=z 0 z=z 0 a b ... ... If P is true: no change ?P If P is false: terminate a* a ...a...

  25. Hybrid Programs a;b x := t x=x 0 x=t a;b y=y 0 y=y 0 z=z 0 z=z 0 a b ... ... a ∪ b If P is true: no change ?P If P is false: terminate a* a ...a...

  26. Hybrid Programs a;b x := t x=x 0 x=t a;b y=y 0 y=y 0 z=z 0 z=z 0 a b ... ... a ∪ b If P is true: no change ?P If P is false: terminate x=F(0) ... x’=f(x) a* x=x 0 a ...a... ⋮ ... x=F(T) ...

  27. Approaching a Stopped Car Own Car Stopped Car Is this property true? [ { {accel ∪ brake}; t:=0; {pos’=vel,vel’=accel,t’=1 & vel ≥ 0 & t ≤ T} }* ](pos <= stoppedCarPos)

  28. Approaching a Stopped Car Own Car Stopped Car Assuming we only accelerate when it’s safe to do so , is this property true? [ { {accel ∪ brake}; t:=0; {pos’=vel,vel’=accel,t’=1 & vel ≥ 0 & t ≤ T} }* ](pos <= stoppedCarPos)

  29. Approaching a Stopped Car Own Car Stopped Car safeDistance(pos,vel,stoppedCarPos,B) if we also assume the system is safe initially: safeDistance(pos,vel,stoppedCarPos,B) → [ { {accel ∪ brake}; t:=0; {pos’=vel,vel’=accel,t’=1 & vel ≥ 0 & t ≤ T} }* ](pos <= stoppedCarPos)

  30. Approaching a Stopped Car Own Car Stopped Car safeDistance(pos,vel,stoppedCarPos,B) safeDistance(pos,vel,stoppedCarPos,B) → [ { {accel ∪ brake}; t:=0; {pos’=vel,vel’=accel,t’=1 & vel ≥ 0 & t ≤ T} }* ](pos <= stoppedCarPos)

  31. The Fundamental Question Proofs give strong mathematical evidence of safety. Why would our program not work if we have a proof ?

  32. The Fundamental Question Why would our program not work if we have a proof ? 1. Was the proof correct?

  33. The Fundamental Question Why would our program not work if we have a proof ? 1. Was the proof correct? 2. Was the model accurate enough? ≠

  34. The Fundamental Question Why would our program not work if we have a proof ? 1. Was the proof correct? KeYmaera X 2. Was the model accurate enough? dI Tactic: DI Axiom: ODE & Controls Tooling [{x'=f&Q}]P↔([?Q]P←(Q→[{x'=f&Q}]P')) Example: [v’=r p v 2 -g,t’=1]v ≥ v 0 - gt ↔ Clever Bellerophon … ↔ Programs Side derivation: [v’:=r p v 2 -g][t’:=1]v’ ≥ -g*t’ ↔ (v ≥ v 0 - r p v 2 -g ≥ -g ↔ gt)’ ↔ H → r p ≥ 0 ... ↔ ... ↔ KyX qed Axioms ... H=r p ≥0 & r a ≥0 & g>0 & ...

  35. The Fundamental Question Why would our program not work if we have a proof ? 1. Was the proof correct? KeYmaera X 2. Was the model accurate enough? Safe RL dI Tactic: DI Axiom: ODE & Controls Tooling [{x'=f&Q}]P↔([?Q]P←(Q→[{x'=f&Q}]P')) Example: [v’=r p v 2 -g,t’=1]v ≥ v 0 - gt ↔ Clever Bellerophon … ↔ Programs Side derivation: [v’:=r p v 2 -g][t’:=1]v’ ≥ -g*t’ ↔ (v ≥ v 0 - r p v 2 -g ≥ -g ↔ gt)’ ↔ H → r p ≥ 0 ... ↔ ... ↔ KyX qed Axioms ... H=r p ≥0 & r a ≥0 & g>0 & ...

  36. Part II: Justified Speculative Control ≠ Safe reinforcement learning in partially modeled environments AAAI 2018

  37. Model-Based Verification Accurate, analyzable models often exist! { ∪ brake ∪ ?safeTurn; turn}; {?safeAccel;accel {pos’ = vel, vel’ = acc} }*

  38. Model-Based Verification Accurate , analyzable models often exist! { ∪ brake ∪ ?safeTurn; turn}; {?safeAccel;accel {pos’ = vel, vel’ = acc} discrete control }* Continuous motion

  39. Model-Based Verification Accurate , analyzable models often exist! { ∪ brake ∪ ?safeTurn; turn}; {?safeAccel;accel {pos’ = vel, vel’ = acc} discrete, non-deterministic }* Continuous control motion

  40. Model-Based Verification Accurate , analyzable models often exist! init → [ { ∪ brake ∪ ?safeTurn; turn}; { ?safeAccel;accel {pos’ = vel, vel’ = acc} }* ]pos < stopSign

Recommend

Excipients: Safe or not safe? Excipients: Safe or not safe? Viewpoint from the EMA Paediatric W

Excipients: Safe or not safe? Excipients: Safe or not safe? Viewpoint from the EMA Paediatric W

Excipients: Safe or not safe? Excipients: Safe or not safe? Viewpoint from the EMA Paediatric W orkshop- 3 1 May 2 0 1 0 , European Medicines Agency, London, UK Presented by: Joao-Pedro Franco &amp; Caroline Le Barbier, PhD Scientific

391 views • 22 slides
Safe Automotive soFtware architEcture (SAFE) Co-summit 2015, 10-11 March 2015, Berlin - Germany

Safe Automotive soFtware architEcture (SAFE) Co-summit 2015, 10-11 March 2015, Berlin - Germany

Safe Automotive soFtware architEcture (SAFE) Co-summit 2015, 10-11 March 2015, Berlin - Germany Dr. Stefan Voget Agenda SAFE Motivation makes Functional safety safe SAFE in SAFE and the project standardization landscape 2 SAFE

569 views • 20 slides
The Project About SAFE STRIP SAFE STRIP - Safe and green Sensor Technologies for self-

The Project About SAFE STRIP SAFE STRIP - Safe and green Sensor Technologies for self-

SAFE STRIP has received funding from the European Unions Horizon 2020 Research and Innovation Programme under grant agreement no 723211. The Project About SAFE STRIP SAFE STRIP - Safe and green Sensor Technologies for self- explaining

271 views • 23 slides
1 Safe Kids Worldwide | Medicine Safety Conversation starter: Ask parents and caregivers in the

1 Safe Kids Worldwide | Medicine Safety Conversation starter: Ask parents and caregivers in the

Introduction [Coalition/presenter intro] Safe Kids is raising awareness and educating families about keeping kids safe around medicine. Safe Kids has done research and developed materials about safe storage, dosing and disposal of medicine.

281 views • 27 slides
The Safe Feed/Safe Food Certification Program Comments about the Safe Feed/Safe Food

The Safe Feed/Safe Food Certification Program Comments about the Safe Feed/Safe Food

The Safe Feed/Safe Food Certification Program Comments about the Safe Feed/Safe Food Certification Program have been prepared to accompany the nine-page slide presentation that may be shared with employees, members of the community or other

387 views • 9 slides
Familiarity often breeds complacency and detachment. Safe? Who said anything about being safe?

Familiarity often breeds complacency and detachment. Safe? Who said anything about being safe?

Familiarity often breeds complacency and detachment. Safe? Who said anything about being safe? Course hes not safe. But hes good. LUKE 10:25-28 (ESV) 25 And behold, a lawyer stood up to put him to the test, saying, Teacher,

389 views • 24 slides
everyone home safe every day Keep each other safe Something to think about: By challenging y

everyone home safe every day Keep each other safe Something to think about: By challenging y

everyone home safe every day Keep each other safe Something to think about: By challenging y our colleagues Winter safety advice can often tell us things that we already know. unsafe behaviour, y ou re looking For example, we all know

654 views • 46 slides
Organophosphates in turbine oil Halvor Erikstein SAFE www.safe.no Halvor@safe.no RIGA EWHN 29.

Organophosphates in turbine oil Halvor Erikstein SAFE www.safe.no Halvor@safe.no RIGA EWHN 29.

Organophosphates in turbine oil Halvor Erikstein SAFE www.safe.no Halvor@safe.no RIGA EWHN 29. September 2006 European Work Hazards Network http://www.balpa.org/intranet/BALPA-Camp/The-Aircra/index.htm Bilde hentet fra AOPIS: Contaminated

826 views • 45 slides
Medication Safety Safe Storage, Safe Dosing, Safe Kids 1 Why is it important? Nationwide

Medication Safety Safe Storage, Safe Dosing, Safe Kids 1 Why is it important? Nationwide

Medication Safety Safe Storage, Safe Dosing, Safe Kids 1 Why is it important? Nationwide Every minute More than 67,000 children a parent or caregiver calls a are seen in emergency poison control center about departments for a medication

530 views • 22 slides
The Safe Feed/Safe Food Certification Program Feed Safety Stair Steps HAACP-SF/SF SAFE FEED/

The Safe Feed/Safe Food Certification Program Feed Safety Stair Steps HAACP-SF/SF SAFE FEED/

The Safe Feed/Safe Food Certification Program Feed Safety Stair Steps HAACP-SF/SF SAFE FEED/ SAFE FOOD COMPANY, QUALITY &amp; SAFETY PROGRAM Why Safe Feed/Safe Food Matters to Feed Mill Managers Recognition by FDA Officials Translates to

653 views • 9 slides
WFPs SAFE Programme Safe Access To Fuel and Energy Daphn Carliez WFPs SAFE focus: Saving

WFPs SAFE Programme Safe Access To Fuel and Energy Daphn Carliez WFPs SAFE focus: Saving

WFPs SAFE Programme Safe Access To Fuel and Energy Daphn Carliez WFPs SAFE focus: Saving lives to ensure food can be cooked to meet nutritional needs in emergencies Reducing protection and health risks for women and children cooking

74 views • 6 slides
Understanding the Tennessee Safe Haven Law &amp; How to Comply as a Safe Haven Facility What

Understanding the Tennessee Safe Haven Law &amp; How to Comply as a Safe Haven Facility What

Understanding the Tennessee Safe Haven Law &amp; How to Comply as a Safe Haven Facility What is a Safe Haven? It's a place where a new mom desperate to hide an unwanted baby can bring her newborn instead of abandoning the infant in an unsafe

394 views • 20 slides
Ke e p Safe is a c ommunity safe ty sc he me for pe ople with le ar ning disabilitie s E me

Ke e p Safe is a c ommunity safe ty sc he me for pe ople with le ar ning disabilitie s E me

Ke e p Safe is a c ommunity safe ty sc he me for pe ople with le ar ning disabilitie s E me r ge nc y Ke e p Safe is for he lp and suppor t whe n out and about. T o make a phone c all in c ase of e me r ge nc y to the polic e ,

201 views • 18 slides
1 Safe pressure vessels Safe pressure vessels Therefore, for safety However, if one

1 Safe pressure vessels Safe pressure vessels Therefore, for safety However, if one

Case Studies in Materials Selection Safe pressure vessels Material for a pressure vessel Cylindrical pressure vessels are containers for a fluid under pressure A safe design will be based on one of two factors Short term thermal

351 views • 8 slides
WFP SAFE Programme Safe Access To Fuel and Energy Daphne Carliez WFPs involvement in SAFE

WFP SAFE Programme Safe Access To Fuel and Energy Daphne Carliez WFPs involvement in SAFE

WFP SAFE Programme Safe Access To Fuel and Energy Daphne Carliez WFPs involvement in SAFE Addressing the serious challenges linked with access Fuel-efficient stoves to cooking fuel for the most vulnerable people in Fuel for Alternative

93 views • 8 slides
Safe School Programme National Anti-Bullying Coalition Safe Students Safe

Safe School Programme National Anti-Bullying Coalition Safe Students Safe

National Anti-Bullying Coalition Safe Students Safe Teachers Safe Schools Safer Future Safe School Programme National Anti-Bullying Coalition Safe Students Safe Teachers

491 views • 21 slides
HOW SAFE IS SAFE ENOUGH? APOCALYPTIC SCENARIOS 11 ICE HOCKEY FEDERATION 15 HUMAN

HOW SAFE IS SAFE ENOUGH? APOCALYPTIC SCENARIOS 11 ICE HOCKEY FEDERATION 15 HUMAN

HOW SAFE IS SAFE ENOUGH? APOCALYPTIC SCENARIOS 11 ICE HOCKEY FEDERATION 15 HUMAN PRACTICES DEBATE 21 22 BIOSAFETY ARE GMOs AND SYNTHETIC ORGANISMS DANGEROUS? yes 8 % 8 % 4 % i dont know enough to form an opinion some of them

793 views • 30 slides
CLEAN WATER FOR SALMON SALMON-SAFE CERTIFICATION AND THE WILLAMETTE RIVER SALMON-SAFE

CLEAN WATER FOR SALMON SALMON-SAFE CERTIFICATION AND THE WILLAMETTE RIVER SALMON-SAFE

CLEAN WATER FOR SALMON SALMON-SAFE CERTIFICATION AND THE WILLAMETTE RIVER SALMON-SAFE WILLAMETTE About Salmon-Safe Science-based standards Urban development focus Mayors Challenge with City of Portland Public education

667 views • 38 slides
Safe Scouting for All It is a fundamental Scouting belief that Scouting must be fun and safe.

Safe Scouting for All It is a fundamental Scouting belief that Scouting must be fun and safe.

Safe Scouting for All It is a fundamental Scouting belief that Scouting must be fun and safe. Camping and high adventure activities within the Boy Scouts are done with the concept of managed risk within the guidelines set forth by BSA and

558 views • 33 slides
BreakPoint Fin Mockup Review Blue A Friday, October 19, 12 BreakPoint Fin Safe Board. Safe

BreakPoint Fin Mockup Review Blue A Friday, October 19, 12 BreakPoint Fin Safe Board. Safe

BreakPoint Fin Mockup Review Blue A Friday, October 19, 12 BreakPoint Fin Safe Board. Safe Rider. Surf On. Friday, October 19, 12 Vision Safe for Surfers Safe for Surfboards High Performance Friday, October 19, 12 Sketch Model Blue A

344 views • 16 slides
F e b r u a r y 2 0 1 3 Safe Harbor In keeping with the SECs Safe Harbor guidelines,

F e b r u a r y 2 0 1 3 Safe Harbor In keeping with the SECs Safe Harbor guidelines,

F e b r u a r y 2 0 1 3 Safe Harbor In keeping with the SECs Safe Harbor guidelines, certain statements made during this presentation could be considered forward-looking and subject to certain risks and uncertainties that could cause

590 views • 31 slides
Safe Sleep San Joaquin Presentation To help us better understand how many people are using our

Safe Sleep San Joaquin Presentation To help us better understand how many people are using our

Safe Sleep San Joaquin Presentation To help us better understand how many people are using our Safe Sleep toolkit, please fill out this form each time your agency presents this Safe Sleep powerpoint to either parents or staff, attach a sign-in

320 views • 3 slides
Investor Presentation June 2018 Safe Harbor Statement Safe Harbor Statement Windstream

Investor Presentation June 2018 Safe Harbor Statement Safe Harbor Statement Windstream

Investor Presentation June 2018 Safe Harbor Statement Safe Harbor Statement Windstream Holdings, Inc. claims the protection of the safe-harbor for forward-looking statements contained in the Private Securities Litigation Reform Act of 1995.

549 views • 21 slides
Safe filling for all Higher standards in low-capacity filling 1 Safe filling for all! The Kosan

Safe filling for all Higher standards in low-capacity filling 1 Safe filling for all! The Kosan

Safe filling for all Higher standards in low-capacity filling 1 Safe filling for all! The Kosan Crisplant Group World leading provider of solutions and services to the LP gas industry Equipment installed in more than 2600 sites in

330 views • 22 slides

More recommend