Core Concepts
This paper presents an approach called Control Envelope Synthesis via Angelic Refinements (CESAR) that synthesizes provably correct control envelopes for hybrid systems. The control envelopes characterize families of safe controllers and are used to monitor untrusted controllers at runtime. CESAR fills in the blanks of a hybrid system's sketch to maximize the flexibility of the control envelope while establishing the desired safety condition.
Abstract
The paper introduces CESAR, an approach for synthesizing provably correct control envelopes for hybrid systems. Control envelopes characterize families of safe controllers and are used to monitor untrusted controllers at runtime.
The key insights are:
CESAR fills in the blanks of a hybrid system's sketch, specifying the desired shape of the control envelope, the possible control actions, and the system's differential equations.
To maximize the flexibility of the control envelope, CESAR synthesizes conditions saying which control action can be chosen when, as permissively as possible while establishing the desired safety condition.
CESAR uses hybrid systems game theory to implicitly characterize an optimal safe control envelope, from which explicit solutions can be derived via symbolic execution and sound, systematic game refinements.
CESAR is demonstrated on a range of safe control envelope synthesis examples with different control challenges, including benchmarks with non-solvable dynamics and those requiring a sequence of clever control actions.
Formulas
Two groups of formulas are extracted from the paper. The first group reads as the side conditions and synthesized guards of a one-dimensional example with position p, velocity v, obstacle position e, acceleration A, braking deceleration B and decision period T (v²/(2B) is the braking distance from speed v):
A > 0 ∧ B > 0 ∧ T > 0 ∧ v ≥ 0
e − p > v²/(2B)
e − p > vT + AT²/2 + (v + AT)²/(2B)
The second group uses a speed V, a period T, a radius R and planar coordinates x, y:
V > 0 ∧ T > 0
y > −R ∧ |x| < R
VT < 2R ∧ (x > −R ∧ |y| < R)
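As an added example (not code from the paper or the CESAR tool), the following Python turns the first formula group into a runtime monitor of the kind the page describes: the envelope decides which actions an untrusted controller may take, and the monitor overrides anything outside it. It assumes the two inequalities are, respectively, the safety invariant that makes braking safe and the guard under which accelerating for one period T is safe, for a vehicle at position p with velocity v ≥ 0 that must stop short of an obstacle at e; the plant model p' = v, v' = a, the action names, the `reckless` controller and the numeric parameters are assumptions of the example.

```python
"""Runtime monitor ("shield") for a one-dimensional stop-before-obstacle
control envelope.  Example code added by the editor, not CESAR's code.
Assumed reading of the page's formulas: e - p > v^2/(2B) is the safety
invariant (braking is safe), and e - p > vT + AT^2/2 + (v + AT)^2/(2B)
is the guard under which accelerating for one period T is safe."""

from dataclasses import dataclass
from typing import Callable, Set, Tuple

ACCEL, BRAKE = "accelerate", "brake"   # assumed action names


@dataclass(frozen=True)
class Params:
    A: float  # maximum acceleration
    B: float  # braking deceleration
    T: float  # maximum time between two controller decisions

    def __post_init__(self) -> None:
        # the page's side condition A > 0 ∧ B > 0 ∧ T > 0
        if not (self.A > 0 and self.B > 0 and self.T > 0):
            raise ValueError("parameters must satisfy A > 0, B > 0, T > 0")


def safe_to_brake(p: float, v: float, e: float, prm: Params) -> bool:
    """Invariant e - p > v^2/(2B): braking from here stops short of e."""
    return e - p > v * v / (2 * prm.B)


def worst_case_reach(p: float, v: float, prm: Params) -> float:
    """Furthest point reached if we accelerate for T seconds and then brake
    to a stop; symbolically executing that worst case yields the guard."""
    p_T = p + v * prm.T + prm.A * prm.T ** 2 / 2   # position after T s of accelerating
    v_T = v + prm.A * prm.T                          # velocity after T s of accelerating
    return p_T + v_T * v_T / (2 * prm.B)             # plus braking distance from v_T


def safe_to_accelerate(p: float, v: float, e: float, prm: Params) -> bool:
    """Guard e - p > vT + AT^2/2 + (v + AT)^2/(2B), written via worst_case_reach."""
    return e > worst_case_reach(p, v, prm)


def envelope(p: float, v: float, e: float, prm: Params) -> Set[str]:
    """The set of actions the envelope permits in state (p, v)."""
    allowed = set()
    if safe_to_brake(p, v, e, prm):
        allowed.add(BRAKE)
    if safe_to_accelerate(p, v, e, prm):
        allowed.add(ACCEL)
    return allowed


def monitor(requested: str, p: float, v: float, e: float, prm: Params) -> Tuple[str, bool]:
    """Pass the untrusted controller's request if the envelope allows it,
    otherwise override with braking.  Returns (action taken, overridden?)."""
    if requested in envelope(p, v, e, prm):
        return requested, False
    return BRAKE, True


def step(p: float, v: float, action: str, dt: float, prm: Params) -> Tuple[float, float]:
    """Closed-form solution of p' = v, v' = a over dt seconds (assumed plant).
    A braking vehicle stops at v = 0 instead of reversing, so v stays >= 0."""
    if action == ACCEL:
        return p + v * dt + prm.A * dt * dt / 2, v + prm.A * dt
    t_stop = v / prm.B
    if t_stop <= dt:                      # comes to rest inside this interval
        return p + v * t_stop - prm.B * t_stop ** 2 / 2, 0.0
    return p + v * dt - prm.B * dt * dt / 2, v - prm.B * dt


def simulate(controller: Callable[[float, float, float], str], p: float, v: float,
             e: float, prm: Params, steps: int, enforce: bool = True):
    """Run an untrusted controller for `steps` decisions, one per period T.
    With enforce=True the monitor shields it.  Returns (p, v, overrides, violated),
    where violated means the obstacle position e was reached or passed."""
    overrides = 0
    violated = False
    for _ in range(steps):
        requested = controller(p, v, e)
        action, overridden = monitor(requested, p, v, e, prm) if enforce else (requested, False)
        overrides += overridden
        p, v = step(p, v, action, prm.T, prm)
        # v >= 0 makes p non-decreasing, so checking at decision points also
        # covers the continuous evolution in between
        if p >= e:
            violated = True
    return p, v, overrides, violated


def reckless(p: float, v: float, e: float) -> str:
    """An untrusted controller (assumed) that always requests acceleration."""
    return ACCEL


if __name__ == "__main__":
    prm = Params(A=1.0, B=2.0, T=1.0)
    print("unshielded:", simulate(reckless, 0.0, 0.0, 100.0, prm, 200, enforce=False))
    print("shielded:  ", simulate(reckless, 0.0, 0.0, 100.0, prm, 200, enforce=True))
```

The acceleration guard is not a tuning knob: `worst_case_reach` shows it is exactly what one period of accelerating followed by braking reaches, which is why the envelope can be as permissive as the page says while still being safe. The caveat a practitioner should keep in mind is that the monitor only guarantees safety from states that already satisfy the braking invariant; if `envelope` is empty, the system has left the envelope, and the override to brake is best effort rather than a proof-backed decision.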
Quotes
"Control envelopes allow the verification of abstractions of control systems, isolating the parts relevant to the safety feature of interest, without involving the full complexity of a specific control implementation."
"The full control system is then monitored for adherence to the safe control envelope at runtime."