It's Time to Play Safe: Shield Synthesis for Timed Systems

Roderick Bloem; Peter Gjøl Jensen; Bettina Könighofer; Kim Guldstrand Larsen; Florian Lorber; Alexander Matteo Palmisano

It's Time to Play Safe: Shield Synthesis for Timed Systems

Roderick Bloem, Peter Gjøl Jensen, Bettina Könighofer, Kim Guldstrand Larsen, Florian Lorber, Alexander Matteo Palmisano

Research output: Working paper › Preprint

Abstract

Erroneous behaviour in safety critical real-time systems may inflict serious consequences. In this paper, we show how to synthesize timed shields from timed safety properties given as timed automata. A timed shield enforces the safety of a running system while interfering with the system as little as possible. We present timed post-shields and timed pre-shields. A timed pre-shield is placed before the system and provides a set of safe outputs. This set restricts the choices of the system. A timed post-shield is implemented after the system. It monitors the system and corrects the system's output only if necessary. We further extend the timed post-shield construction to provide a guarantee on the recovery phase, i.e., the time between a specification violation and the point at which full control can be handed back to the system. In our experimental results, we use timed post-shields to ensure the safety in a reinforcement learning setting for controlling a platoon of cars, during the learning and execution phase, and study the effect.

Original language	English
Number of pages	19
Publication status	Published - 30 Jun 2020

Publication series

Name	arXiv.org e-Print archive
Publisher	Cornell University Library

Keywords

cs.LO
cs.LG

Access to Document

https://arxiv.org/abs/2006.16688

Cite this

@techreport{057d3d68835a4854a95c820128ded3fe,

title = "It's Time to Play Safe: Shield Synthesis for Timed Systems",

abstract = " Erroneous behaviour in safety critical real-time systems may inflict serious consequences. In this paper, we show how to synthesize timed shields from timed safety properties given as timed automata. A timed shield enforces the safety of a running system while interfering with the system as little as possible. We present timed post-shields and timed pre-shields. A timed pre-shield is placed before the system and provides a set of safe outputs. This set restricts the choices of the system. A timed post-shield is implemented after the system. It monitors the system and corrects the system's output only if necessary. We further extend the timed post-shield construction to provide a guarantee on the recovery phase, i.e., the time between a specification violation and the point at which full control can be handed back to the system. In our experimental results, we use timed post-shields to ensure the safety in a reinforcement learning setting for controlling a platoon of cars, during the learning and execution phase, and study the effect. ",

keywords = "cs.LO, cs.LG",

author = "Roderick Bloem and Jensen, {Peter Gj{\o}l} and Bettina K{\"o}nighofer and Larsen, {Kim Guldstrand} and Florian Lorber and Palmisano, {Alexander Matteo}",

note = "Submitted to RV2020",

year = "2020",

month = jun,

day = "30",

language = "English",

series = "arXiv.org e-Print archive",

publisher = "Cornell University Library",

type = "WorkingPaper",

institution = "Cornell University Library",

}

TY - UNPB

T1 - It's Time to Play Safe

T2 - Shield Synthesis for Timed Systems

AU - Bloem, Roderick

AU - Jensen, Peter Gjøl

AU - Könighofer, Bettina

AU - Larsen, Kim Guldstrand

AU - Lorber, Florian

AU - Palmisano, Alexander Matteo

N1 - Submitted to RV2020

PY - 2020/6/30

Y1 - 2020/6/30

N2 - Erroneous behaviour in safety critical real-time systems may inflict serious consequences. In this paper, we show how to synthesize timed shields from timed safety properties given as timed automata. A timed shield enforces the safety of a running system while interfering with the system as little as possible. We present timed post-shields and timed pre-shields. A timed pre-shield is placed before the system and provides a set of safe outputs. This set restricts the choices of the system. A timed post-shield is implemented after the system. It monitors the system and corrects the system's output only if necessary. We further extend the timed post-shield construction to provide a guarantee on the recovery phase, i.e., the time between a specification violation and the point at which full control can be handed back to the system. In our experimental results, we use timed post-shields to ensure the safety in a reinforcement learning setting for controlling a platoon of cars, during the learning and execution phase, and study the effect.

AB - Erroneous behaviour in safety critical real-time systems may inflict serious consequences. In this paper, we show how to synthesize timed shields from timed safety properties given as timed automata. A timed shield enforces the safety of a running system while interfering with the system as little as possible. We present timed post-shields and timed pre-shields. A timed pre-shield is placed before the system and provides a set of safe outputs. This set restricts the choices of the system. A timed post-shield is implemented after the system. It monitors the system and corrects the system's output only if necessary. We further extend the timed post-shield construction to provide a guarantee on the recovery phase, i.e., the time between a specification violation and the point at which full control can be handed back to the system. In our experimental results, we use timed post-shields to ensure the safety in a reinforcement learning setting for controlling a platoon of cars, during the learning and execution phase, and study the effect.

KW - cs.LO

KW - cs.LG

M3 - Preprint

T3 - arXiv.org e-Print archive

BT - It's Time to Play Safe

ER -

It's Time to Play Safe: Shield Synthesis for Timed Systems

Abstract

Publication series

Keywords

Access to Document

Fingerprint

Cite this