Abstract
AI-based autonomous systems increasingly rely on machine learning (ML) components to perform a variety of complex tasks in perception, prediction, and control. The use of ML components is projected to grow, and with it the concern about using these components in systems that operate in safety-critical settings. To guarantee safe operation of an autonomous system, it is important to run an ML component only within its operational design domain (ODD), i.e., under the conditions in which using the component does not endanger the safety of the system. Building safe and reliable autonomous systems that may use machine-learning-based components therefore calls for automated techniques that systematically capture the ODD of such systems.
In this paper, we present a framework for learning runtime monitors that capture the ODDs of black-box systems. A runtime monitor of an ODD predicts, based on a sequence of monitorable observations, whether the system is about to exit the ODD. We particularly investigate the learning of optimal monitors based on counterexample-guided refinement and conformance testing. We evaluate the applicability of our approach on a case study from the domain of autonomous driving.
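The following is an added illustration of the two ingredients named in the abstract, a monitor that predicts from observations whether the system is about to exit its ODD, and a counterexample-guided loop that refines the monitor against a black-box system until a sampling-based conformance test finds no more misses. It is not code from the paper, and it does not claim to be the paper's algorithm: the "ego car follows a lead car" simulator, the observation (gap, ego speed), the single feature (time headway), the threshold monitor class and the zero-miss sample bound are all assumptions made for the example.

```python
"""Counterexample-guided learning of an ODD monitor for a toy black-box system.

Added illustration, not the paper's code. Everything here is assumed: the
"ego follows lead" simulator, the observation (gap, ego speed), the single
monitorable feature (time headway) and the threshold-monitor hypothesis class.
"""
from __future__ import annotations

import math
import random
from dataclasses import dataclass

DT = 0.1        # simulation step in seconds
STEPS = 150     # maximum length of one scenario
HORIZON = 10    # "about to exit": a collision within the next HORIZON steps (1 s)


@dataclass(frozen=True)
class Obs:
    gap: float        # metres from ego front to lead rear (hypothetical sensor)
    ego_speed: float  # ego speed in m/s


def headway(o: Obs) -> float:
    """Monitorable feature derived from one observation: time headway in seconds."""
    return o.gap / max(o.ego_speed, 0.1)


def run_blackbox(seed: int) -> list[Obs]:
    """Hypothetical black-box system: an opaque following controller behind a
    lead car that may brake. The learner only sees the emitted observations;
    a scenario ends early when the gap closes (collision = safety violation)."""
    rng = random.Random(seed)
    gap = rng.uniform(10.0, 40.0)
    v_lead = rng.uniform(8.0, 15.0)
    v_ego = rng.uniform(8.0, 20.0)
    brake = 0.0
    trace = []
    for _ in range(STEPS):
        trace.append(Obs(gap, v_ego))
        if gap <= 0.0:
            break
        if brake == 0.0 and rng.random() < 0.01:   # lead starts braking
            brake = rng.uniform(3.0, 9.0)
        v_lead = max(0.0, v_lead - brake * DT)
        # ego controller (opaque to the monitor): tracks a 1.5 s headway from a
        # noisy gap estimate, with limited acceleration and braking authority
        noisy_gap = gap + rng.gauss(0.0, 0.5)
        accel = max(-5.0, min(2.0, 0.8 * (noisy_gap - 1.5 * v_ego)))
        v_ego = max(0.0, v_ego + accel * DT)
        gap += (v_lead - v_ego) * DT
    return trace


def label_trace(trace: list[Obs]) -> list[bool]:
    """Ground truth per step t: True if a collision occurs within HORIZON steps
    after t, i.e. the monitor must already be raising an alarm at step t."""
    collide_at = next((i for i, o in enumerate(trace) if o.gap <= 0.0), None)
    return [collide_at is not None and t < collide_at <= t + HORIZON
            for t in range(len(trace))]


@dataclass(frozen=True)
class ThresholdMonitor:
    tau: float  # alarm when the current headway drops below tau seconds

    def alarm(self, prefix: list[Obs]) -> bool:
        """Monitor decision on the observation sequence seen so far."""
        return headway(prefix[-1]) < self.tau


def samples_needed(eps: float, delta: float) -> int:
    """Scenarios to test so that a monitor with zero misses on all of them has a
    per-scenario miss probability <= eps with confidence 1 - delta, from the
    one-sided bound (1 - eps)^N <= exp(-eps * N) <= delta."""
    return math.ceil(math.log(1.0 / delta) / eps)


def find_counterexample(monitor: ThresholdMonitor, seeds) -> Obs | None:
    """Conformance test: run fresh scenarios and return the observation at the
    first step where the monitor is silent although the ODD is about to be exited."""
    for seed in seeds:
        trace = run_blackbox(seed)
        for t, about_to_exit in enumerate(label_trace(trace)):
            if about_to_exit and not monitor.alarm(trace[: t + 1]):
                return trace[t]
    return None


def learn_monitor(eps=0.05, delta=0.01, base_seed=0, max_rounds=1000):
    """Counterexample-guided refinement. Start from the most permissive monitor
    (tau = 0, never alarms) and raise tau just enough to catch each miss; tau
    only grows, so the result is the least conservative threshold consistent
    with every counterexample, accepted once a full batch yields none."""
    monitor = ThresholdMonitor(0.0)
    n = samples_needed(eps, delta)
    counterexamples = []
    for r in range(max_rounds):
        batch = range(base_seed + r * n, base_seed + (r + 1) * n)
        cex = find_counterexample(monitor, batch)
        if cex is None:
            return monitor, counterexamples, batch
        counterexamples.append(cex)
        monitor = ThresholdMonitor(math.nextafter(headway(cex), math.inf))
    raise RuntimeError("no conforming monitor within max_rounds")


if __name__ == "__main__":
    mon, cexs, accepted = learn_monitor()
    print(f"tau = {mon.tau:.3f} s after {len(cexs)} refinements; "
          f"accepted on {len(accepted)} fresh scenarios")
```

Two caveats a practitioner should keep in mind when reading this toy. The guarantee delivered by the final batch is statistical and distributional: it bounds the miss rate only for scenarios drawn like the ones sampled, so a shift in the environment (a lead vehicle that brakes harder than the simulator's range) invalidates it. And the refinement is only one-sided here: it drives false negatives down, but every raise of `tau` also adds false positives, which is exactly why the abstract speaks of learning an optimal monitor rather than merely a sound one.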
This work is partially supported by NSF grants 1545126 (VeHICaL), 1646208 and 1837132, by the DARPA contracts FA8750-18-C-0101 (AA) and FA8750-20-C-0156 (SDCPS), by Berkeley Deep Drive, by C3DTI, by the Toyota Research Institute, and by Toyota under the iCyPhy center.
Acknowledgments
The authors are grateful to Daniel Fremont for his contributions to the VerifAI and Scenic projects, and assistance with these tools for this paper. The authors also want to thank Johnathan Chiu, Tommaso Dreossi, Shromona Ghosh, Francis Indaheng, Edward Kim, Hadi Ravanbakhsh, Ameesh Shah and Kesav Viswanadha for their valuable feedback and contributions to the VerifAI project.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Torfah, H., Xie, C., Junges, S., Vazquez-Chanlatte, M., Seshia, S.A. (2022). Learning Monitorable Operational Design Domains for Assured Autonomy. In: Bouajjani, A., Holík, L., Wu, Z. (eds) Automated Technology for Verification and Analysis. ATVA 2022. Lecture Notes in Computer Science, vol 13505. Springer, Cham. https://doi.org/10.1007/978-3-031-19992-9_1
DOI: https://doi.org/10.1007/978-3-031-19992-9_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-19991-2
Online ISBN: 978-3-031-19992-9