Synthesis of Admissible Shields

  • Laura Humphrey
  • Bettina Könighofer
  • Robert Könighofer
  • Ufuk Topcu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10028)


Shield synthesis is an approach to enforce a set of safety-critical properties of a reactive system at runtime. A shield monitors the system and corrects any erroneous output values instantaneously. The shield deviates from the given outputs as little as it can and recovers to hand back control to the system as soon as possible. This paper takes its inspiration from a case study on mission planning for unmanned aerial vehicles (UAVs) in which k-stabilizing shields, which guarantee recovery in a finite time, could not be constructed. We introduce the notion of admissible shields, which improves k-stabilizing shields in two ways: (1) whereas k-stabilizing shields take an adversarial view on the system, admissible shields take a collaborative view. That is, if there is no shield that guarantees recovery within k steps regardless of system behavior, the admissible shield will attempt to work with the system to recover as soon as possible. (2) Admissible shields can handle system failures during the recovery phase. In our experimental results we show that for UAVs, we can generate admissible shields, even when k-stabilizing shields do not exist.
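As an added illustration of the shield behaviour the abstract describes (monitor every output, correct an unsafe one instantaneously with the least deviation, hand control back as soon as the system's own output is safe again), the following constructed Python example is not code from the paper and does not implement its synthesis procedure. The grid world, the no-fly cell, the move alphabet and all function names are assumptions made for the example. The first run shows a planner that cooperates after being blocked, so the shield deviates only once; the second run shows a planner that keeps proposing the unsafe move, so the shield can never hand control back on its own. That second situation is the one in which no k-stabilizing shield exists and a collaborative (admissible) view is needed.

```python
"""Toy runtime shield for a grid-world UAV planner (constructed example).

The planner (the "system") proposes one move per step. The shield checks each
move against a safety property, "never enter a no-fly cell and never leave
the grid", and corrects unsafe moves instantaneously by substituting the safe
move whose destination is closest to where the planner intended to go.
Control is handed back as soon as the planner's own move is safe again.
"""
import math

GRID = 5                       # constructed 5x5 grid, cells (0..4, 0..4)
NO_FLY = {(2, 2)}              # constructed no-fly cell
MOVES = {"N": (0, 1), "S": (0, -1), "E": (1, 0), "W": (-1, 0), "H": (0, 0)}


def step(pos, move):
    """Position reached from pos by applying move (no safety check)."""
    dx, dy = MOVES[move]
    return (pos[0] + dx, pos[1] + dy)


def is_safe(pos):
    """The safety property, stated as a predicate on the next position."""
    x, y = pos
    return 0 <= x < GRID and 0 <= y < GRID and pos not in NO_FLY


def shield(pos, proposed):
    """Return (move_to_execute, deviated).

    A safe proposal passes through unchanged. Otherwise the shield picks,
    among the safe moves, the one whose destination is nearest to the
    planner's intended destination; ties are broken by move name so the
    shield is deterministic.
    """
    intended = step(pos, proposed)
    if is_safe(intended):
        return proposed, False
    candidates = [m for m in MOVES if is_safe(step(pos, m))]
    if not candidates:
        raise RuntimeError(f"no safe move from {pos}: property not enforceable here")
    best = min(candidates, key=lambda m: (math.dist(step(pos, m), intended), m))
    return best, True


def run(start, plan):
    """Execute a plan through the shield.

    Returns the final position, the list of moves actually executed, and the
    number of steps on which the shield overrode the planner.
    """
    pos = start
    executed, overrides = [], 0
    for proposed in plan:
        move, deviated = shield(pos, proposed)
        overrides += int(deviated)
        executed.append(move)
        pos = step(pos, move)
        assert is_safe(pos)  # the shield's guarantee: every reached position is safe
    return pos, executed, overrides


if __name__ == "__main__":
    # Cooperative planner: blocked once at (1,2)->(2,2), then routes around.
    print(run((0, 2), ["E", "E", "N", "E", "E", "S", "E"]))
    # Uncooperative planner: keeps pushing east into the no-fly cell, so the
    # shield hovers every step and never gets to hand control back.
    print(run((0, 2), ["E", "E", "E", "E", "E"]))
```

The deviation metric (distance between intended and actual destination) is the example's choice; the paper's notion of "deviating as little as it can" is defined over the shield's output alphabet, and the recovery guarantees of k-stabilizing and admissible shields are properties of the synthesized strategy, which this toy does not construct.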


Keywords (added by machine, not by the authors): Unmanned Aerial Vehicle, Safety Property, Winning Strategy, Safety Specification, Admissible Strategy



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Laura Humphrey, Control Science Center of Excellence, AFRL, Wright-Patterson AFB, USA
  • Bettina Könighofer (corresponding author), IAIK, Graz University of Technology, Graz, Austria
  • Robert Könighofer, IAIK, Graz University of Technology, Graz, Austria
  • Ufuk Topcu, University of Texas at Austin, Austin, USA
