Safety Shielding under Delayed Observation

TL;DR

This paper introduces delay-resilient shields for autonomous agents that guarantee safety despite input delays, with algorithms and heuristics to minimize interference, validated through implementation in a driving simulator.

Contribution

It proposes the first synthesis algorithms for delay-resilient shields and integrates them into a realistic driving simulator for safety-critical scenarios.

Findings

Shields guarantee safety under worst-case input delays.

Heuristics effectively minimize future shield interferences.

Implementation demonstrates practical applicability in autonomous driving.

Abstract

Agents operating in physical environments need to be able to handle delays in the input and output signals since neither data transmission nor sensing or actuating the environment are instantaneous. Shields are correct-by-construction runtime enforcers that guarantee safe execution by correcting any action that may cause a violation of a formal safety specification. Besides providing safety guarantees, shields should interfere minimally with the agent. Therefore, shields should pick the safe corrective actions in such a way that future interferences are most likely minimized. Current shielding approaches do not consider possible delays in the input signals in their safety analyses. In this paper, we address this issue. We propose synthesis algorithms to compute \emph{delay-resilient shields} that guarantee safety under worst-case assumptions on the delays of the input signals. We also introduce novel heuristics for deciding between multiple corrective actions, designed to minimize future shield interferences caused by delays. As a further contribution, we present the first integration of shields in a realistic driving simulator. We implemented our delayed shields in the driving simulator \textsc{Carla}. We shield potentially unsafe autonomous driving agents in different safety-critical scenarios and show the effect of delays on the safety analysis.