SURF 2024: Hierarchical Testing for Safety-Critical Autonomous Systems: Difference between revisions
Revision as of 21:06, 15 December 2023
2024 SURF Hierarchical Testing for Safety-Critical Autonomous Systems
- Mentor: Richard Murray
- Co-mentor: Apurva Badithela
Project Description
Automatically identifying failure cases of safety-critical autonomous systems is important for mainstream deployment of these systems. A few examples of such safety-critical robotic systems are illustrated on the right. Since autonomous robotic systems are complex and their domain of operation is very large, it is not possible to exhaustively verify correctness of the autonomous system with respect to safety specifications. Oftentimes, these systems need to reason over both discrete and continuous inputs and parameters.

State-of-the-art methods include simulation-based falsification, in which a simulator of the system (whose model is black-box) is queried with inputs until a failing trace is found. Current research in this area focuses on developing novel black-box optimization algorithms that choose which inputs to query in order to find these failing traces. However, most of these algorithms require the input vector to be continuous-valued. Furthermore, these test inputs are often parameters that remain constant throughout the test and are not reactive to system behavior. We wish to research the applicability of these methods to discrete-valued as well as mixed discrete-continuous inputs, and to reactive settings.
For example, consider a simple 2D double integrator system illustrated as a blue point mass as seen in the following .mp4 files. This system has two operating modes: north-south oscillating mode and east-west oscillating mode. The N-S and E-W poles are illustrated in red. When an external "switch" command is given to the system, it needs to safely switch to the other operating mode without entering the unsafe regions (shaded in blue).
The following video illustrates the system responding to a switch command. The system safely transitions from oscillating in the N-S mode to the E-W mode without entering the blue regions. In fact, the time of the switch command
[Video: single_switch.mp4. Caption: Single switch commanded results in safe trajectory.]
[Video: double_switch.mp4. Caption: Two switch commands in quick succession shows unsafe trajectory.]
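As an added illustration of querying a black-box simulator with discrete-valued and reactive test inputs (example code written for this page, not the project's code and not the model behind the videos): the plant and controller below are a constructed stand-in in which the active axis oscillates between its poles and the inactive axis is only damped, the unsafe set is taken to be the arena boundary rather than the shaded regions, and the falsifier enumerates a finite set of switch times (non-reactive input) or state-triggered switch thresholds (reactive input) and reports the candidate with the lowest safety margin.

```python
# Constructed stand-in for the black-box system, not the project's model: a 2D double integrator whose
# active axis is a spring oscillator between poles at +-A; the inactive axis is only damped, so momentum
# carried across a mode switch drifts before dying out.
K, C, A, DT, T_END = 4.0, 2.0, 0.8, 0.01, 8.0   # spring gain, damping, pole offset, time step, horizon
BOUND = 1.0                                    # unsafe event: leaving the box |x| <= BOUND, |y| <= BOUND

def simulate(policy):
    """Query the black box; policy(t, state, mode) is True on the step a 'switch' is issued (0 = N-S, 1 = E-W)."""
    x, y, vx, vy, mode, t, trace = 0.0, A, 0.0, 0.0, 0, 0.0, []   # start at rest on the north pole
    while t <= T_END:
        if policy(t, (x, y, vx, vy), mode):
            mode = 1 - mode
        ax = -K * x if mode == 1 else -C * vx   # active axis: spring; inactive axis: damping only
        ay = -K * y if mode == 0 else -C * vy
        vx += ax * DT; vy += ay * DT            # semi-implicit Euler keeps the oscillation energy bounded
        x += vx * DT; y += vy * DT
        trace.append((t, x, y, mode))
        t += DT
    return trace

def robustness(trace):
    """Signed safety margin: smallest distance to the arena boundary along the trace; negative = violation."""
    return min(BOUND - max(abs(x), abs(y)) for _, x, y, _ in trace)

def timed_switches(times):
    """Non-reactive test input: switch commands at fixed times drawn from a discrete grid."""
    pending = sorted(times)
    def policy(t, state, mode):
        if pending and t >= pending[0] - 1e-9:
            pending.pop(0); return True
        return False
    return policy

def reactive_switch(threshold):
    """Reactive test input: one switch when the active coordinate first passes |threshold| moving outward."""
    fired = [False]
    def policy(t, state, mode):
        x, y, vx, vy = state
        p, v = (y, vy) if mode == 0 else (x, vx)
        if not fired[0] and abs(p) >= threshold and p * v > 0:
            fired[0] = True; return True
        return False
    return policy

def falsify(make_policy, candidates):
    """Discrete-valued falsification: query every candidate (no gradient, no continuity) and return the worst."""
    scored = [(robustness(simulate(make_policy(c))), c) for c in candidates]
    rho, worst = min(scored, key=lambda s: s[0])
    return worst, rho
```

Calling `falsify(lambda s: timed_switches([s]), [0.25 * i for i in range(32)])` finds a switch time near the moment the mass crosses the centre at speed, whose carried momentum drifts it past the boundary, while `falsify(reactive_switch, [0.1, 0.3, 0.5, 0.7])` finds the state-triggered threshold that does the same; a switch issued at rest on a pole stays safe.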