Efficient Dynamic Shielding for Parametric Safety Specifications

TL;DR

This paper introduces dynamic shielding techniques for parametric safety specifications in autonomous systems, enabling fast runtime adaptation to changing safety requirements without full recomputation.

Contribution

The paper presents a novel dynamic shielding algorithm that efficiently adapts to evolving safety specifications at runtime, improving over static and brute-force methods.

Findings

Dynamic shields adapt quickly at runtime, within seconds.

Offline design takes a few minutes, enabling real-time safety enforcement.

Dynamic shields outperform brute-force recomputation by up to 5 times in speed.

Abstract

Shielding has emerged as a promising approach for ensuring safety of AI-controlled autonomous systems. The algorithmic goal is to compute a shield, which is a runtime safety enforcement tool that needs to monitor and intervene the AI controller's actions if safety could be compromised otherwise. Traditional shields are designed statically for a specific safety requirement. Therefore, if the safety requirement changes at runtime due to changing operating conditions, the shield needs to be recomputed from scratch, causing delays that could be fatal. We introduce dynamic shields for parametric safety specifications, which are succinctly represented sets of all possible safety specifications that may be encountered at runtime. Our dynamic shields are statically designed for a given safety parameter set, and are able to dynamically adapt as the true safety specification (permissible by the parameters) is revealed at runtime. The main algorithmic novelty lies in the dynamic adaptation procedure, which is a simple and fast algorithm that utilizes known features of standard safety shields, like maximal permissiveness. We report experimental results for a robot navigation problem in unknown territories, where the safety specification evolves as new obstacles are discovered at runtime. In our experiments, the dynamic shields took a few minutes for their offline design, and took between a fraction of a second and a few seconds for online adaptation at each step, whereas the brute-force online recomputation approach was up to 5 times slower.