TL;DR
This paper introduces a novel approach using stochastic barrier functions and sum-of-squares optimization to verify and control the finite-time safety probabilities of stochastic systems, including controller synthesis for affine-in-control dynamics.
Contribution
It proposes a new barrier certificate condition with a state-dependent bound and a method for synthesizing polynomial controllers to ensure safety probabilities.
Findings
Efficient numerical computation via sum-of-squares optimization.
Tighter probability bounds through state-dependent infinitesimal generator bounds.
Controller synthesis achieving specified safety probabilities.
Abstract
This paper studies the problem of enforcing safety of a stochastic dynamical system over a finite time horizon. We use stochastic barrier functions as a means to quantify the probability that a system exits a given safe region of the state space in finite time. A barrier certificate condition that bounds the infinitesimal generator of the system, and hence bounds the expected value of the barrier function over the time horizon, is recast as a sum-of-squares optimization problem for efficient numerical computation. Unlike prior works, the proposed certificate condition includes a state-dependent bound on the infinitesimal generator, allowing for tighter probability bounds. Moreover, for stochastic systems for which the drift dynamics are affine-in-control, we propose a method for synthesizing polynomial state feedback controllers that achieve a specified probability of safety. Two case…
| Noise Level, | |||
|---|---|---|---|
| 0.6 | 0.860 | 1.4 | 2.1821 |
| 0.9 | 0.919 | 1.3 | 0.5251 |
| 1.0 | 0.912 | 1.3 | 0.6396 |
| 1.3 | 0.949 | 1.5 | 1.1488 |
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Verification and Control for Finite-Time Safety of Stochastic Systems via Barrier Functions
Cesar Santoyo, Maxence Dutreix, and Samuel Coogan C. Santoyo ([email protected]) and M. Dutreix ([email protected]) are with the School of Electrical & Computer Engineering, Georgia Institute of Technology, Atlanta, GA., 30318, USA.S. Coogan ([email protected]) is with the School of Electrical & Computer Engineering and the School of Civil and Environmental Engineering, Georgia Institute of Technology, Atlanta, GA., 30318, USA.This work was partially supported by NSF under Grant #1749357. C. Santoyo was supported by the NSF Graduate Research Fellowship Program under Grant No. DGE-1650044.
Abstract
This paper studies the problem of enforcing safety of a stochastic dynamical system over a finite time horizon. We use stochastic barrier functions as a means to quantify the probability that a system exits a given safe region of the state space in finite time. A barrier certificate condition that bounds the infinitesimal generator of the system, and hence bounds the expected value of the barrier function over the time horizon, is recast as a sum-of-squares optimization problem for efficient numerical computation. Unlike prior works, the proposed certificate condition includes a state-dependent bound on the infinitesimal generator, allowing for tighter probability bounds. Moreover, for stochastic systems for which the drift dynamics are affine-in-control, we propose a method for synthesizing polynomial state feedback controllers that achieve a specified probability of safety. Two case studies are presented that benchmark and illustrate the performance of our method.
I Introduction
Reliance on complex, safety-critical systems is increasing, which has made safety verification of such systems of utmost importance. For example, environments populated by both humans and autonomous systems (e.g. fulfillment centers, autonomous vehicles, and healthcare) require rigorous safety verification to ensure desired behavior is achieved. From a practical standpoint, safety verification can translate directly to ensuring qualitative guidelines such as collision avoidance are maintained. Safety-critical systems are often analyzed in a purely deterministic framework, however, many real-world applications are subject to stochastic disturbances and are better modeled as stochastic systems.
A common approach to safety verification in deterministic systems is via barrier functions which provide Lyapunov-like guarantees regarding system behavior. The existence of a barrier function which satisfies a barrier certificate can often be enough to certify the safe operation of a system [1]. Recent work has modified and improved the deterministic form of barrier functions and expanded their application. In particular, control barrier functions have been introduced to guaranteed safety in control affine systems [2, 3]. This is demonstrated in applications for cruise control [3, 4], collision avoidance in robotic swarms [5], and walking robots [6], and has recently been extended to allow for input-to-state safe control barrier functions [7] and to guarantee finite-time convergence to a safe region [8].
In the stochastic setting, safety verification via barrier certificates for infinite time horizons was introduced in [1] alongside the deterministic counterpart. The work presented in [1] provides a framework for bounding the probability a system will exit a safe region based on a non-negative barrier function defined on the system state space. In this approach, the probability is directly correlated with the set of initial conditions. However, this approach can be overly restrictive because it requires the infinitesimal generator, which dictates the expected value evolution of a stochastic process, to be non-positive; i.e., the barrier function is restricted to be a supermartingale.
The paper [9] relaxes this condition and instead provides a barrier certificate that only requires the infinitesimal generator of the barrier process to be upper-bounded by a constant. Such processes are called c-martingales and allow the expected value of the barrier function to increase over time. This approach results in a safety probability bound for finite time horizons. Recent work in [10] leverages c-martingales for temporal logic verification of discrete-time systems.
The present paper also studies the problem of verifying safety of stochastic systems on finite time horizons, and the contributions are as follows. First, we build on the approaches proposed in [1, 9] and propose a barrier certificate constraint that imposes a state-dependent bound on the infinitesimal generator. This bound was originally proposed and studied by Kushner in [11, 12]. The proposed barrier certificate allows the expected value of the barrier to increase and covers the c-martingale condition of [9] as a special case. However, our formulation also accounts for the system dynamics in the infinitesimal generator constraint. This allows for probability bounds that are no worse than the c-martingale condition, and in many cases, especially with high noise levels, provides better probability bounds.
Second, as in [1, 9], we compute barrier functions using sum-of-squares (SOS) optimization. Like in [1], but unlike [9], we utilize polynomial barrier functions. This provides a simpler formulation of the probability of failure on a finite time horizon when compared to the approach in [9] which uses exponential barrier functions and, empirically, provides tighter probability bounds.
Third, we extend our formulation to allow for control inputs and provide a method for synthesizing a safe controller. In particular, we consider affine-in-control systems and the proposed approach searches for a polynomial state feedback controller which ensures a system’s failure probability achieves a predetermined criterion via a stochastic control barrier function.
This paper is organized as follows: Section II covers the background information of stochastic differential equations, barrier functions and SOS optimization. Section III covers the problem which we are solving in detail. Section IV highlights the methodology we utilize to solve the SOS optimization and stochastic control problem. Section V and Section VI present numerical case studies which illustrate our results and conclusions, respectively.
II Preliminaries
In this section we first introduce our state space definitions as well as background information regarding stochastic processes, barrier functions, and SOS polynomials.
II-A Stochastic Process
Consider a complete probability space () and a standard Wiener process, in . We consider stochastic processes satisfying a stochastic differential equation of the form
[TABLE]
The compact set is the system state space, is the drift rate and is the diffusion term. We assume the functions and are Lipschitz continuous. The stochastic process is a right continuous strong Markov process [13]. We now introduce the infinitesimal generator, which extends the usual definition of a time derivative to instead consider the expectation of a function of a random process.
Definition 1**.**
Let be a stochastic process in . The infinitesimal generator of acts on functions of the state space and is defined as
[TABLE]
where such that the limit exists for all .
In particular, the infinitesimal generator for any process as in (1) is of the form shown in Fact 1.
Fact 1** (Ch. 7, Theorem 7.3.3 of [13]).**
Let be a stochastic process satisfying (1), then the infinitesimal generator of some twice differentiable function is given by
[TABLE]
The stochastic process is not guaranteed to lie in at all times which leads us to define the stopped process .
Definition 2**.**
Suppose that is the first time of exit of from the open set Int(). Then the stopped process is defined by [1]
[TABLE]
It is worth noting that the stopped process inherits the same strong Markovian property of and shares the same infinitesimal generator [11].
II-B Barrier Functions
Consider an unsafe region of the state space and a set of initial conditions . In a similar spirit to Lyapunov functions, barrier functions are utilized as a means of guaranteeing a desired behavior on some region of a system’s domain defined as a sub-level set (or super-level set) of the barriers. In that regard, stochastic barrier functions have been introduced to upper bound the probability of exiting a safe region over an infinite time-horizon.
Proposition 1** (Theorem 15 from [1]).**
Given a stochastic differential equation of the form of (1) and the sets , , and with and locally Lipschitz continuous, consider the stopped process . Suppose there exists a twice differentiable function such that
[TABLE]
[TABLE]
[TABLE]
[TABLE]
Then, the probability of the system entering the unsafe region of the state space is bounded by
[TABLE]
where is the initial state of the system.
This theorem provides a powerful means of bounding the probability of failure of a stochastic process on an infinite time horizon. However, we note that the inequality condition (5), also referred to as the barrier certificate, imposes that is a supermartingale. This inequality enforces that the expectation of the barrier function decreases at all points of . In practice, this is often overly restrictive on the system dynamics. For example, it has been shown that no supermartingale exists on a bounded set where the system’s noise does not vanish [11]. In Section III, we present a relaxed version of this theorem with its respective probability bounds for finite-time horizons.
II-C Sum-of-Squares
Definition 3**.**
Define as the set of all polynomials in . Then
[TABLE]
is the set of SOS polynomials. It is noted that if then .
Definition 4**.**
Given for , the problem of finding for and for such that
[TABLE]
is a sum-of-squares program (SOSP). SOSPs can be efficiently converted to semidefinite programs using tools such as SOSTOOLS [14].
III Problem Formulation
The problem we address is: how do we create a bound on the probability a stochastic system of form (1) exits a safe region during a finite-time horizon?
Objectives: First, our goal in this paper is to relax the supermartingale condition on the barrier certificate in (5) similar to what is shown in [9]. Second, based on that relaxation, we aim to derive a state-feedback controller ensuring a user-specified upper bound on the probability of exiting a safe region in the state space.
Consider the stochastic process which satisfies the stochastic differential equation
[TABLE]
where , , and is a -dimensional Wiener process. Additionally, where is a state dependent control input. We define .
Now, we relax the supermartingale condition shown in (5). The following theorem is an immediate corollary of Chapter 3, Theorem 1 in [11].
Theorem 1**.**
Given the stochastic differential equation shown in (7) and the sets , with and locally Lipschitz continuous, where is some feedback control strategy. Consider the stopped process . Suppose there exists a twice differentiable function such that
[TABLE]
[TABLE]
[TABLE]
[TABLE]
for some , and . Define
[TABLE]
Then
- •
If and ,
[TABLE]
- •
If and ,
[TABLE]
- •
If ,
[TABLE]
The bound shown in (15) is characterized in [10] and [9] as the upper bound on the probability of being unsafe for a c-martingale.
If satisfies the conditions of Theorem 1, then is called a stochastic control barrier function for a given control policy . Relaxing the supermartingale condition on the infinitesimal generator in the fashion of Theorem 1 gives three case-dependent finite time probability bounds on a system’s likelihood of entering an unsafe region in the form of (13), (14), and (15).
Remark 1**.**
If the initial state is not known exactly but only known to lie within , then can be substituted for in the probability bounds in Theorem 1. This provides an upper bound on the probability of failure over the entire set of initial conditions rather than on a particular initial point in .
IV Methodology
In this section we present our approach to construct the stochastic control barrier functions based on the problem formulation of Section II. First, we adapt the constraints given in Theorem 1 to be formulated as an SOSP. Second, we cover the algorithms which construct barrier functions and present our method for computing a low-energy control policy .
IV-A SOS Formulation for Safety Verification
Theorem 2**.**
Consider a system of the form of (7) and the sets , , and and assume these sets can be described as , , and for some polynomials , , and . Suppose there exists a polynomial , a polynomial , and SOS polynomials , , and that satisfy the following
[TABLE]
[TABLE]
[TABLE]
[TABLE]
where . Then, the probability of failure, depending on the values of and , is defined by (13), (14) or (15).
We omit the proof due to space constraints, but the proof follows the general approach for relaxing set constraints to SOS programs using the Positivstellensatz condition; see the documentation of [14] for details.
IV-B Barrier Function Numerical Procedure
Next, we present an algorithmic solution to this problem. Algorithm 1 computes the barrier function used to quantify an upper bound on the failure probability. The input values are the lower range value, upper range value, diffusion term, control polynomial, and the order of the polynomial, respectively. Our algorithm performs a grid search over a range of scalar with value spacing ,which are design parameters. Next, the SOSP is encoded using the constraints shown in Theorem 2. Lastly, as the SOSP is run, the algorithm returns a function, , that is evaluated at any and utilized to compute the probability, , using (13), (14) or (15). The degree of is a design parameter; however, higher order polynomials tend to produce tighter bounds. Well refined bounds (i.e. higher order polynomials) present themselves with the trade-off of longer computational times versus probability of failure refinement.
The objective of the SOSP in Algorithm 1 is set to minimize the value, . Minimizing is a consensus objective which may not be the best one but provides a means of avoiding bi-linear programs.
IV-C Controller Synthesis Procedure
In general, when searching for a control policy, we are aiming for a polynomial of the same or lower order of such that the upper bound on the probability of failure reduces to a designer specified value. First, we write the polynomial in quadratic form as
[TABLE]
where is a vector of monomials in of a specified order and is a coefficient matrix of appropriate dimensions. Because there likely exist many feasible controllers ensuring the desired probability of failure, we introduce a cost criterion to choose among them. We approximate the energy of a particular control policy via a proxy measure. In this case, the proxy is the non-negative scalar, , such that the following vector element-wise constraints
[TABLE]
[TABLE]
hold where is the vector form of matrix and is the vector of ones of appropriate dimension. We choose the cost to minimize the coefficients appearing in the polynomial controller to encourage lower control effort. This objective and procedure are highlighted in Algorithm 2.
Algorithm 3 takes and as arguments. These variables are the goal probability, diffusion term, multiplier on , barrier polynomial order, control polynomial order and a small offset, respectively. Once the procedure begins, it runs until the probability of failure is within of the predefined goal probability. It is possible to use other conditions to determine whether the algorithm should continue to run such as computing the change in optimal scalar value, , between iterations. Additionally, the algorithm may be sped up by using a floor value for . Initially, a polynomial barrier of a specified polynomial power is computed given no control policy (i.e. ). Generally speaking, as in our case studies, we are interested in systems where the probability of failure with no control action is above the goal probability.
Next, if the probability of failure is greater than then we compute a scaled down value multiplied by . If the failure probability is less than then we scale up the by . The intuition behind this comes from analyzing the probability bounds (13), (14) or (15). In general, a lower reduces our failure probability, thus when searching for a scaled version of can be used. The values of and are also design parameters.
V Case Studies
In this section, we first present a simple academic example to illustrate the our technique. Second, we present a nonlinear example to demonstrate the versatility of our approach. Both case studies are compared to a Monte Carlo simulation which is considered ground truth. We utilize SOSTOOLS [14] which converts our SOSP into semidefinite programs. Our choice of solver is the semidefinite program solver SDPT3 [15, 16]. These case studies were conducted on a 2.3 GHz Intel Core i5 computer with 8GB of memory.111The Matlab source code for the two case studies is contained at https://github.com/gtfactslab/stochasticbarrierfunctions
V-A 1-D Stochastic System
Consider a 1-D stochastic control affine system of the form
[TABLE]
This is of the same form as (7) where and . We define our state space as , , and . First, we benchmark the probability of failure without a control input (i.e. ) for a finite time horizon of . Thus, to do so, we follow the procedure outlined in Algorithm 1. We grid search over a defined range of values for the constant . In this particular example, our with in Algorithm 1.
We choose to search for of the 16th degree. Additionally, we reproduce the c-martingale bound presented in [9, Algorithm 3]. Lastly, we benchmark against the true probability of failure created via a 5000 draw Monte Carlo simulation. The results are presented in Fig. The 1.
In Fig. 1, we see that our polynomial bound on the probability of failure performs better than the bound from [9] generated using the c-martingale condition that is not state dependent. The difference is particularly notable at higher noise levels where the exponential bound from [9] becomes trivial, i.e., greater than or equal to one.
Next, we address the control problem of achieving a particular bound on the probability of failure of this system. We choose a desired failure probability . We restrict our attention to a linear controller of the form . Our search for a low-energy controller which successfully fulfills the design requirement follows a modified binary search version of Algorithm 3.
Fig. 2 plots achieving the desired failure probability bound for . Here, we note that the degree of barrier function for which we search greatly affects the control gain needed to achieve the control objective. In some sense, searching for a higher-order polynomial refines the probability of failure bound requiring lower control effort; however, these high order polynomials require more computation time. Eventually, the degree of the polynomial reaches a saturation point where it does not further decrease the required.
V-B Nonlinear Dynamics
Consider the stochastic non-linear dynamics
[TABLE]
This system is studied in [17] without the input term .
We define our state space as , , and . A sample trajectory of (18)–(19) is illustrated in Fig. 3. Additionally, level sets of are projected onto the state space. In this illustration, is computed with solely using Algorithm 1. Here, we see that the values for the barrier function abide by the definitions of Theorem 1. In this particular trajectory illustration, the evolution of system noise is enough for the system to enter the predefined unsafe set; however, this is not always the case. To illustrate this, we compute a Monte Carlo simulation of the system dynamics shown. Additionally, an upper bound is computed on the probability of becoming unsafe given our initial condition and illustrated in Fig. 4. While we encode a set of initial conditions into the SOSP, we evaluate the probability bound at the same initial point, , as the Monte Carlo simulation.
The design specification for this example is to reduce the probability of failure bound to for specified noise levels. For this example we create a 2nd order polynomial controller of the form of (16). We look to minimize the constant, , highlighted in Algorithm 2. We run the search algorithm for select noise levels, specified values, and present the results in Table 1. The values in this table originate from the initial (i.e. ) probability bound computation.
VI Conclusion
We consider control barrier functions whose existence gives a means of quantifying an upper bound on a system’s probability of failure. Additionally, we present a novel, state dependent approach to the problem of finite-time verification which further relaxes the constraint on the evolution of the expected value. Lastly, we synthesize a feedback control strategy such that a certain probability of failure criteria is met. We illustrate our methods with two case studies which demonstrate our ability to quantify system failure probabilities. In these case studies, we solve for the barrier function polynomials using SOS optimization and demonstrate our proposed approach outperforms existing methods.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] S. Prajna, A. Jadbabaie, and G. Pappas, “A framework for worst-case and stochastic safety verification using barrier certificates,” Automatic Control, IEEE Transactions on , vol. 52, no. 8, pp. 1415–1428, 2007.
- 2[2] P. Wieland and F. Allgöwer, “Constructive safety using control barrier functions,” IFAC Proceedings Volumes , vol. 40, no. 12, pp. 462–467, 2007.
- 3[3] A. D. Ames, X. Xu, J. W. Grizzle, and P. Tabuada, “Control barrier function based quadratic programs for safety critical systems,” Automatic Control, IEEE Transactions on , vol. 62, no. 8, pp. 3861–3876, 2017.
- 4[4] A. D. Ames, J. W. Grizzle, and P. Tabuada, “Control barrier function based quadratic programs with application to adaptive cruise control,” in IEEE Conference on Decision and Control (CDC) . IEEE, 2014, pp. 6271–6278.
- 5[5] L. Wang, A. D. Ames, and M. Egerstedt, “Safety barrier certificates for collisions-free multirobot systems,” Robotics, IEEE Transactions on , vol. 33, no. 3, pp. 661–674, 2017.
- 6[6] S.-C. Hsu, X. Xu, and A. D. Ames, “Control barrier function based quadratic programs with application to bipedal robotic walking,” in American Control Conference (ACC) . IEEE, 2015, pp. 4542–4548.
- 7[7] S. Kolathaya and A. D. Ames, “Input-to-state safety with control barrier functions,” vol. 3, no. 1, 2018.
- 8[8] A. Li, L. Wang, P. Pierpaoli, and M. Egerstedt, “Formally correct composition of coordinated behaviors using control barrier certificates,” IEEE/RSJ International Conference on Intelligent Robots and Systems , 2018.
