Specification, Design, and Verification for Self-Driving Cars

Richard M. Murray and Nok Wongpiromsarn
9-13 March 2020, Istanbul (Turkey)

Course Description

Increases in fast and inexpensive computing and communications have enabled a new generation of information-rich control systems that rely on multi-threaded networked execution, distributed optimization, sensor fusion and protocol stacks in increasingly sophisticated ways. This course will provide working knowledge of a collection of methods and tools for specifying, designing and verifying control protocols for autonomous systems, including self-driving cars. We combine methods from computer science (temporal logic, model checking, reactive synthesis) with those from control theory (abstraction methods, optimal control, invariant sets) to analyze and design partially asynchronous control protocols for continuous systems. In addition to introducing the mathematical techniques required to formulate problems and prove properties, we also describe a software toolbox, TuLiP, that is designed for analyzing and synthesizing hybrid control systems using temporal logic and robust performance specifications.


The following papers and textbooks will be used heavily throughout the course:

Additional references for individual topics are included on the individual lecture pages.

Course information

Lecture Schedule

The schedule below lists the lectures that will be given as part of the course. Each lecture will last approximately 90 minutes. The individual lecture pages give an overview of the lecture and links to additional information.

Lec Date/time Title Topics
Mon, 10:00 Welcome and course administration
Mon, 10:30 Course Introduction
  • Introduction to self-driving cars
  • Specifications and rules of the road
  • Architecture for self-driving (including layers)
  • Design problem, analysis/safety
Mon, 12:45 Automata Theory
  • Finite transition systems
  • Kripke structures
  • Automata classes (finite, Büchi, ND, etc.)
  • Examples: stoplight, intersection
Mon, 14:15 Temporal Logic
  • Temporal logic
  • Linear time properties
  • LTL, STL
  • Examples: lane change, intersection
Mon, 15:45 Model Checking
  • LTL to Büchi automata
  • Ideas behind how model checkers work
  • Use for “open loop” synthesis
  • Examples: intersection
Tue, 8:30 Probabilistic Systems
  • Stochastic models: Markov chains, Markov decision processes
  • Sigma algebra
  • Reachability, regular safety and omega-regular properties
  • PCTL
Tue, 10:30 Computer Session: Stormpy
  • Probabilistic model checking
  • Probabilistic synthesis
  • TuLiP interface to stormpy
Tue, 14:15 Discrete Abstractions
  • Finite-state approximation of hybrid systems
  • Use of model checking for the verification of hybrid systems
  • Construction of finite-state abstractions for synthesis
Wed, 8:30 Reactive Synthesis
  • Assume/guarantee formalisms
  • Two-player, asymmetric games
  • Winning set computations, solving for strategies
  • Reading: WTM
  • Examples: runner-blocker, grid-world (parking lot, intersection)
Thu, 10:30 Computer Session: TuLiP
  • Simulation setup
  • TuLiP synthesis
Thu, 8:30 Minimum Violation Planning
  • Weighted automaton
  • Prioritized safety specification
  • Minimum violation planning problem and solution for finite state systems
  • Incremental sampling-based algorithm for continuous systems
Thu, 10:30 Computer Session: MVP

Minimum violation planning using TuLiP

  • Defining system and prioritized safety specification
  • Solving minimum violation planning problem
Fri, 9:00 Behaviour Specifications of Autonomous Vehicles
  • Challenges
  • Behavior specification using rulebooks
  • Singapore examples
Fri, 10:00 Safety-Critical Systems
  • Requirements for safety-critical control systems
  • Incorporating ML into autonomous systems
  • Testing and evaluation
Fri, 11:00 Course Summary
  • Summary of key concepts from the course
  • Open issues for future research
  • Discussion

Software Installation

We will make use of two programs during the lab sessions:

  • stormpy
  • TuLiP - python-based toolbox for temporal logic planning and controller synthesis

The above link provides instructions on how to install the software on your own. I highly recommend the use of virtual environments (either through python virtualenv or anaconda).

TuLiP (use the eeci2020 branch where minimum violation planning is implemented):

   $ git clone
   $ cd tulip-control
   $ git checkout eeci2020
   $ pip install wheel
   $ pip install cvxopt
   $ pip install -r requirements.txt
   $ python install

polytope: Make sure you have version 0.2.2 or higher of polytope installed

  $ python -c "import polytope; print(polytope.__version__)"

If the version is not '0.2.2' (possibly followed by some additional text, e.g., 0.2.2.dev0+f12c87a64641fed4d36a0fe904613495c434577d), then you need to install the latest version of polytope from source:

   $ git clone
   $ python install
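
The version rule above, written as a check that can be run before the lab sessions. This is an added example, not part of the course material; the names `release_tuple`, `meets_minimum` and `installed_polytope_ok` are hypothetical. It compares only the numeric release and ignores any trailing text, as the note above describes.

```python
import re

MINIMUM = (0, 2, 2)  # minimum polytope release stated in the notes above


def release_tuple(version):
    """Return the leading numeric release of a version string as a tuple.

    Trailing text such as '.dev0+<commit hash>' is ignored, matching the rule
    above that '0.2.2' followed by additional text is acceptable.
    """
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", version)
    if match is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def meets_minimum(version, minimum=MINIMUM):
    """True if the release part of `version` is at least `minimum`."""
    release = release_tuple(version)
    # Pad with zeros so that '0.3' compares as (0, 3, 0) against (0, 2, 2).
    width = max(len(release), len(minimum))
    release += (0,) * (width - len(release))
    minimum += (0,) * (width - len(minimum))
    # Integer tuples avoid the string-comparison trap: '0.10.0' < '0.2.2'
    # as text, although 0.10.0 is the newer release.
    return release >= minimum


def installed_polytope_ok():
    """Check the polytope visible in the active (virtual) environment."""
    try:
        import polytope
    except ImportError:
        return False
    return meets_minimum(polytope.__version__)


if __name__ == "__main__":
    # Constructed sample version strings, for illustration only.
    for sample in ["0.2.1", "0.2.2", "0.2.2.dev0+f12c87a", "0.10.0"]:
        print(sample, meets_minimum(sample))
    print("installed polytope ok:", installed_polytope_ok())
```
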

matplotlib: matplotlib is not required for TuLiP but will be used in the course for visualization

   $ pip install matplotlib

dot: dot is not required for TuLiP but is used for visualization. The dot program is part of the graphviz package available on most *nix systems. A typical way to install the package is to use the following command:

   $ sudo apt-get install graphviz

Stormpy: stormpy requires multiple packages, including carl, pycarl, z3 and storm. First, get all the required libraries. I summarize the steps here for Ubuntu. (I tried it on Ubuntu 18.04 but other versions should work too.)

   $ sudo snap install cmake --classic
   $ sudo apt install build-essential libgmp3-dev libeigen3-dev libboost-all-dev libcln-dev ginac-tools autoconf glpk-utils hwloc libginac-dev automake libglpk-dev libhwloc-dev libz3-dev libxerces-c-dev


   $ git clone
   $ cd carl
   $ git checkout master14
   $ mkdir build && cd build
   $ make lib_carl


   $ git clone
   $ cd pycarl/
   $ python develop


   $ git clone
   $ cd z3
   $ python scripts/
   $ cd build
   $ make
   $ sudo make install

Note down where z3 is installed. If you use virtualenv, it should be something like venv_path/bin/z3 where venv_path is the path to the virtual environment.


   $ git clone -b stable
   $ cd storm
   $ export STORM_DIR=path_to_storm
   $ mkdir build
   $ cd build
   $ ccmake ..
     Change the following:
       Z3_EXEC: venv_path/bin/z3
       Z3_INCLUDE_DIR: venv_path/include
       Z3_LIBRARY: venv_path/lib/
   $ make


   $ git clone
   $ cd stormpy
   $ git checkout 7ae4d0806edde02093d4f90ee25d381b344180ff
   $ python3 develop

Note that the last command has to use python3, even if python is already a symbolic link to python3 in the virtual environment.