Confidence Composition for Monitors of Verification Assumptions

TL;DR

This paper introduces CoCo, a framework that combines confidence monitors to predict safety violations in verified cyber-physical systems with neural network controllers, ensuring better calibration and reliability.

Contribution

The paper proposes a novel three-step confidence composition framework for monitoring verification assumptions in cyber-physical systems.

Findings

Compositional monitors are better calibrated than individual monitors.

The framework successfully predicts safety violations in case studies.

Provides theoretical bounds on calibration and conservatism.

Abstract

Closed-loop verification of cyber-physical systems with neural network controllers offers strong safety guarantees under certain assumptions. It is, however, difficult to determine whether these guarantees apply at run time because verification assumptions may be violated. To predict safety violations in a verified system, we propose a three-step confidence composition (CoCo) framework for monitoring verification assumptions. First, we represent the sufficient condition for verified safety with a propositional logical formula over assumptions. Second, we build calibrated confidence monitors that evaluate the probability that each assumption holds. Third, we obtain the confidence in the verification guarantees by composing the assumption monitors using a composition function suitable for the logical formula. Our CoCo framework provides theoretical bounds on the calibration and conservatism of compositional monitors. Two case studies show that compositional monitors are calibrated better than their constituents and successfully predict safety violations.