Showing papers by "Alberto Sangiovanni-Vincentelli published in 2017"


Journal ArticleDOI
TL;DR: In this article, the authors present a secure state estimation algorithm that uses a satisfiability modulo theory approach to harness the complexity of the secure state estimator and provide guarantees on the soundness and completeness of the algorithm.
Abstract: Secure state estimation is the problem of estimating the state of a dynamical system from a set of noisy and adversarially corrupted measurements. Intrinsically a combinatorial problem, secure state estimation has been traditionally addressed either by brute force search, suffering from scalability issues, or via convex relaxations, using algorithms that can terminate in polynomial time but are not necessarily sound. In this paper, we present a novel algorithm that uses a satisfiability modulo theory approach to harness the complexity of secure state estimation. We leverage results from formal methods over real numbers to provide guarantees on the soundness and completeness of our algorithm. Moreover, we discuss its scalability properties, by providing upper bounds on the runtime performance. Numerical simulations support our arguments by showing an order of magnitude decrease in execution time with respect to alternative techniques. Finally, the effectiveness of the proposed algorithm is demonstrated by applying it to the problem of controlling an unmanned ground vehicle.

240 citations


Posted Content
TL;DR: A framework to systematically analyze convolutional neural networks used in classification of cars in autonomous vehicles and can be used to extract insights of the CNN classifier, compare across classification models, or generate training and validation datasets.
Abstract: We present a framework to systematically analyze convolutional neural networks (CNNs) used in classification of cars in autonomous vehicles. Our analysis procedure comprises an image generator that produces synthetic pictures by sampling in a lower dimension image modification subspace and a suite of visualization tools. The image generator produces images which can be used to test the CNN and hence expose its vulnerabilities. The presented framework can be used to extract insights of the CNN classifier, compare across classification models, or generate training and validation datasets.

61 citations


Proceedings ArticleDOI
01 Dec 2017
TL;DR: An efficient algorithm for multi-robot motion planning from linear temporal logic (LTL) specifications is presented that is more than one order of magnitude faster than state-of-the-art sampling-based techniques for high-dimensional state spaces while supporting complex missions.
Abstract: We present an efficient algorithm for multi-robot motion planning from linear temporal logic (LTL) specifications. We assume that the dynamics of each robot can be described by a discrete-time, linear system together with constraints on the control inputs and state variables. Given an LTL formula specifying the multi-robot mission, our goal is to construct a set of collision-free trajectories for all robots, and the associated control strategies, to satisfy it. We show that the motion planning problem can be formulated as the feasibility problem for a formula p over Boolean and convex constraints, respectively capturing the LTL specification and the robot dynamics. We then adopt a satisfiability modulo convex (SMC) programming approach that exploits a monotonicity property of p to decompose the problem into smaller subproblems. Simulation results show that our algorithm is more than one order of magnitude faster than state-of-the-art sampling-based techniques for high-dimensional state spaces while supporting complex missions.

54 citations


Proceedings ArticleDOI
13 Apr 2017
TL;DR: This paper addresses the problem of determining the satisfiability of a Boolean combination of convex constraints over the real numbers, which is common in the context of hybrid system verification and control, and proposes a suite of algorithms that can trade complexity with the minimality of the generated infeasibility certificates.
Abstract: We address the problem of determining the satisfiability of a Boolean combination of convex constraints over the real numbers, which is common in the context of hybrid system verification and control. We first show that a special type of logic formulas, termed monotone Satisfiability Modulo Convex (SMC) formulas, is the most general class of formulas over Boolean and nonlinear real predicates that reduce to convex programs for any satisfying assignment of the Boolean variables. For this class of formulas, we develop a new satisfiability modulo convex optimization procedure that uses a lazy combination of SAT solving and convex programming to provide a satisfying assignment or determine that the formula is unsatisfiable. Our approach can then leverage the efficiency and the formal guarantees of state-of-the-art algorithms in both the Boolean and convex analysis domains. A key step in lazy satisfiability solving is the generation of succinct infeasibility proofs that can support conflict-driven learning and decrease the number of iterations between the SAT and the theory solver. For this purpose, we propose a suite of algorithms that can trade complexity with the minimality of the generated infeasibility certificates. Remarkably, we show that a minimal infeasibility certificate can be generated by simply solving one convex program for a sub-class of SMC formulas, namely ordered positive unate SMC formulas, that have additional monotonicity properties. Perhaps surprisingly, ordered positive unate formulas appear themselves very frequently in a variety of practical applications. By exploiting the properties of monotone SMC formulas, we can then build and demonstrate effective and scalable decision procedures for problems in hybrid system verification and control, including secure state estimation and robotic motion planning.

52 citations


Book ChapterDOI
01 Jan 2017
TL;DR: Leveraging on a comprehensive analysis of cyber-physical systems in Europe, this chapter presents overall findings focusing on a characterization of CPS and opportunities and challenges.
Abstract: Leveraging on a comprehensive analysis of cyber-physical systems (CPSs) in Europe, this chapter presents overall findings focusing on (1) a characterization of CPS, (2) opportunities and challenges ...

32 citations


Proceedings ArticleDOI
12 Jun 2017
TL;DR: This paper presents a novel methodology for embedded design generation that allows the generation of complete designs from high-level specifications and presents an implementation capable of synthesizing a variety of examples to show that the approach is viable.
Abstract: As personal fabrication becomes increasingly accessible and popular, a larger number of makers, many without formal training, are dabbling in embedded and electronics design. However, existing general-purpose, board-level circuit design techniques do not share desirable properties of modern software development, like rich abstraction layers and automated compiler checks, which facilitate powerful tools that ultimately lower the barrier to entry for programming, by allowing a higher level of design-separating specification from implementation-and providing automated guidance and feedback. In this paper, we present a novel methodology for embedded design generation that allows the generation of complete designs from high-level specifications. We present an implementation capable of synthesizing a variety of examples to show that our approach is viable. Starting from user-specified requirements and a library of available components, our tool encodes the design space as a system of constraints. Off-the-shelf solvers then reason over these constraints to create a block diagram with sufficient information to generate the device firmware and circuit netlist.

27 citations


Proceedings ArticleDOI
29 Sep 2017
TL;DR: An assume-guarantee contract framework for the design of cyber-physical systems, modeled as closed-loop control systems, under probabilistic requirements, using a variant of signal temporal logic, namely, Stochastic Signal Temporal Logic (StSTL), to specify system behaviors as well as contract assumptions and guarantees, thus enabling automatic reasoning about requirements of stochastic systems.
Abstract: We develop an assume-guarantee contract framework for the design of cyber-physical systems, modeled as closed-loop control systems, under probabilistic requirements. We use a variant of signal temporal logic, namely, Stochastic Signal Temporal Logic (StSTL) to specify system behaviors as well as contract assumptions and guarantees, thus enabling automatic reasoning about requirements of stochastic systems. Given a stochastic linear system representation and a set of requirements captured by bounded StSTL contracts, we propose algorithms that can check contract compatibility, consistency, and refinement, and generate a controller to guarantee that a contract is satisfied, following a stochastic model predictive control approach. Our algorithms leverage encodings of the verification and control synthesis tasks into mixed integer optimization problems, and conservative approximations of probabilistic constraints that produce both sound and tractable problem formulations. We illustrate the effectiveness of our approach on a few examples, including the design of embedded controllers for aircraft power distribution networks.

24 citations


Posted Content
TL;DR: An assume-guarantee contract framework for cyber-physical system design under probabilistic requirements is presented, and algorithms to check contract compatibility, consistency, and refinement, and generate a sequence of control inputs that satisfies a contract are proposed.
Abstract: We develop an assume-guarantee contract framework for the design of cyber-physical systems, modeled as closed-loop control systems, under probabilistic requirements. We use a variant of signal temporal logic, namely, Stochastic Signal Temporal Logic (StSTL) to specify system behaviors as well as contract assumptions and guarantees, thus enabling automatic reasoning about requirements of stochastic systems. Given a stochastic linear system representation and a set of requirements captured by bounded StSTL contracts, we propose algorithms that can check contract compatibility, consistency, and refinement, and generate a controller to guarantee that a contract is satisfied, following a stochastic model predictive control approach. Our algorithms leverage encodings of the verification and control synthesis tasks into mixed integer optimization problems, and conservative approximations of probabilistic constraints that produce both sound and tractable problem formulations. We illustrate the effectiveness of our approach on a few examples, including the design of embedded controllers for aircraft power distribution networks.

15 citations


Proceedings ArticleDOI
18 Jun 2017
TL;DR: Numerical results show that the application-specific approach substantially reduces the exploration time with respect to generic optimization techniques and helps provide clear identification of promising solutions.
Abstract: We address the design space exploration of wireless body area networks for wearable and implantable technologies, a task that is increasingly challenging as the number and variety of devices per person grow. Our method efficiently decomposes the problem into smaller subproblems by coordinating specialized analysis and optimization techniques. We leverage mixed integer linear programming to generate candidate network configurations based on coarse energy estimations. Accurate discrete-event simulation is used to check the feasibility of the proposed configurations under reliability constraints and guide the search to achieve fast convergence. Numerical results show that our application-specific approach substantially reduces the exploration time with respect to generic optimization techniques and helps provide clear identification of promising solutions.

12 citations


Proceedings ArticleDOI
18 Jun 2017
TL;DR: ArchEx leverages an extensible set of patterns to enable formal, yet flexible, requirement specification, a graph-based internal representation of the system architecture, and algorithms based on mixed integer linear programming to solve the mapping problem.
Abstract: We present ArchEx, a framework for cyber-physical system architecture exploration. We formulate the exploration problem as a mapping problem, where "virtual" components are mapped into "real" components from pre-defined libraries to minimize an objective function while guaranteeing that system requirements are satisfied. ArchEx leverages an extensible set of patterns to enable formal, yet flexible, requirement specification, a graph-based internal representation of the system architecture, and algorithms based on mixed integer linear programming to solve the mapping problem. Its effectiveness is demonstrated on two industrial case studies: an aircraft power distribution network and a reconfigurable automated production line.

11 citations


Posted Content
TL;DR: This work describes the use of STL to specify a wide range of properties of cyber-physical systems, including safety, response and bounded liveness, and encode STL specifications as mixed integer-linear constraints on the system variables in the optimization problem at each step of a receding horizon control framework.
Abstract: We present a mathematical programming-based method for model predictive control of cyber-physical systems subject to signal temporal logic (STL) specifications. We describe the use of STL to specify a wide range of properties of these systems, including safety, response and bounded liveness. For synthesis, we encode STL specifications as mixed integer-linear constraints on the system variables in the optimization problem at each step of a receding horizon control framework. We prove correctness of our algorithms, and present experimental results for controller synthesis for building energy and climate control.

Journal ArticleDOI
TL;DR: The Internet of Things promises to be the next big wave that will further raise the technological and economic impact of the semiconductor industry and reach an unprecedented scale of trillions of connected devices.
Abstract: The Internet of Things (IoT) refers to the interconnection of everyday objects endowed with sensing, processing, communication and energy management capabilities [item 1) in the Appendix] (the “IoT nodes”). Being at the beginning of its “S curve” in terms of stage of adoption [item 2) in the Appendix] (see “innovators” in Fig. 1 ), the IoT promises to be the next big wave that will further raise the technological and economic impact of the semiconductor industry. More than a decade from now, the massive adoption of IoT technologies (see “late majority” in Fig. 1 ) is expected to expand the number of connected devices per person to the order of a thousand, thus reaching an unprecedented scale of trillions of connected devices [item 3) in the Appendix].

Journal ArticleDOI
TL;DR: The ability to eliminate wires in vehicles is a compelling value proposition; it decreases part, manufacturing, and maintenance costs, improves fuel efficiency and, therefore, reduces greenhouse gas emissions.
Abstract: Vehicles have mutated from mechanical systems into cyberphysical systems featuring a large number of electronic control units (ECUs), sensors, and actuators. The wiring harnesses used for the transmission of data and power delivery for these components may have up to 4,000 parts, weigh as much as 40 kg, and contain up to 4 km of wiring. The amount of wiring is expected to grow as vehicles evolve and begin to include enhanced active safety features and, eventually, self-driving capabilities and diversified sensing resources. Consequently, the ability to eliminate wires in vehicles is a compelling value proposition; it decreases part, manufacturing, and maintenance costs, improves fuel efficiency and, therefore, reduces greenhouse gas emissions. Furthermore, it may spur innovation by providing an open architecture to accommodate new components, offering the potential for growth in automotive applications, possibly similar to the computer and phone industry over the past decade.

Journal ArticleDOI
TL;DR: The syntax and semantics of the language, a development environment that includes a compiler and a verification back-end, and an application example are described; the language allows users of CSL4P to define different platforms out of the same set of components.


Proceedings ArticleDOI
01 Aug 2017
TL;DR: The computed polytopic approximation, as an abstraction of a load unit's flexibility, can be used in a receding horizon control framework for the grid operator to simultaneously coordinate multiple loads.
Abstract: In this paper, we propose two methods for computing a polytopic approximation of the demand shifting flexibility of a load unit over a future horizon, using a mathematical optimization framework. The computed polytopic approximation, as an abstraction of a load unit's flexibility, can be used in a receding horizon control framework for the grid operator to simultaneously coordinate multiple loads. One method is to use a parallelotope to represent the flexibility, which shows in the experiments a performance advantage over related approaches using zonotopes or hyper-ellipsoids. Another method that uses a resource polytope model shows a better performance but at the cost of extended runtime due to its nonlinear formulation.

Book
07 Jan 2017
TL;DR: This book develops a systematic approach to addressing security at early design stages, together with all other design constraints, in response to the rising security issues in the design of cyber-physical systems.
Abstract: Addressing the rising security issues during the design stages of cyber-physical systems, this book develops a systematic approach to address security at early design stages together with all other design constraints. Cyber-attacks become more threatening as systems are becoming more connected with the surrounding environment, infrastructures, and other systems. Security mechanisms can be designed to protect against attacks and meet security requirements, but there are many challenges in applying security mechanisms to cyber-physical systems, including open environments, limited resources, strict timing requirements, and a large number of devices. Designed for researchers and professionals, this book is valuable for individuals working in network systems, security mechanisms, and system design. It is also suitable for advanced-level students of computer science.

Posted Content
TL;DR: This work addresses the problem of synthesizing reactive controllers for cyber-physical systems subject to Signal Temporal Logic specifications in the presence of adversarial inputs by building a strategy tree representing the interaction between the system and its environment and shows an application in the autonomous car domain.
Abstract: We address the problem of synthesizing reactive controllers for cyber-physical systems subject to Signal Temporal Logic (STL) specifications in the presence of adversarial inputs. Given a finite horizon, we define a reactive hierarchy of control problems that differ in the degree of information available to the system about the adversary's actions over the horizon. We show how to construct reactive controllers at various levels of the hierarchy, leveraging the existence of Lipschitz bounds on system dynamics and the quantitative semantics of STL. Our approach, a counterexample-guided inductive synthesis (CEGIS) scheme based on optimization and satisfiability modulo theories (SMT) solving, builds a strategy tree representing the interaction between the system and its environment. In every iteration of the CEGIS loop, we use a mix of optimization and SMT to maximally discard controllers falsified by a given counterexample. Our approach can be applied to any system with locally Lipschitz-bounded dynamics, including linear, piecewise-linear and differentially-flat systems. Finally, we show an application in the autonomous car domain.