Robot Control Using Path Integral Policy Improvement and Deep Dynamics Models / Robotstyrning med Vägenintegrerad Politikförbättring och Djupa Dynamik Modeller

Shi, Haoxiang

January 2021

Robotics is an interdisciplinary field that integrates computer science, electrical engineering, mechanical engineering, control engineering and other related fields. As the quick development of these fields, people have been building more complex robots with more advanced control strategies in order to solve more challenging tasks. In addition, it is always a target for researchers to achieve autonomous operation of robots so that the manpower can be saved and the robot can work in harsh environment like on Mars. In this project, I focus on the trajectory planning problem of a unicycle model running in 2D environment. I choose Path Integral Policy Improvement (PI2) control algorithm in this project as the main study object. And Model Predictive Control (MPC) is chosen as a reference in order to be compared with PI2 to evaluate the performance of PI2. In order to simulate the tasks that the robot needs to handle in practice, I use obstacles to represent the complex environment and I use Signal Temporal Logic (STL) to represent the complex tasks. Furthermore, I also incorporate the deep dynamics model in the project so that the the method put forward in this project is able to handle complex robot models and complex working environments. To evaluate the performances of PI2 and MPC, five criteria are put forward in this project. Finally, based on the evaluation results, possible improvement and future research are proposed. / Robotics är ett tvärvetenskapligt område som integrerar datavetenskap, elektroteknik, maskinteknik, styrteknik och andra relaterade områden. Som den snabba utvecklingen av dessa fält har människor byggt mer komplexa robotar med mer avancerade kontrollstrategier för att lösa mer utmanande uppgifter. Dessutom är det alltid ett mål för forskare att uppnå autonom drift av robotar så att arbetskraften kan sparas och roboten kan arbeta i tuffa miljöer som på Mars. I det här projektet fokuserar jag på banplaneringsproblemet för en enhjulingsmodell som körs i 2D-miljö. Jag väljer Path Integral Policy Improvement (PI2) kontrollalgoritm i detta projekt som huvudstudieobjekt. Och Model Predictive Control (MPC) väljs som referens för att kunna jämföras med PI2 för att utvärdera prestandan för PI2. För att simulera de uppgifter som roboten behöver hantera i praktiken använder jag hinder för att representera den komplexa miljön och jag använder Signal Temporal Logic (STL) för att representera de komplexa uppgifterna. Dessutom införlivar jag också den djupa dynamikmodellen i projektet så att metoden som läggs fram i detta projekt kan hantera komplexa robotmodeller och komplexa arbetsmiljöer. För att utvärdera prestanda för PI2 och MPC presenteras fem kriterier i detta projekt. Slutligen, baserat på utvärderingsresultaten, föreslås möjliga förbättringar och framtida forskning.

Path integral policy improvement

Model predictive control

Deep dynamics model

Signal temporal logic

Path planning

Vägförbättrad policy förbättring

modellprädiktive kontroll

djup dynamik modell

signal temporal logik

banplanering

Elektroteknik och elektronik

Enhancing Trust in Autonomous Systems without Verifying Software

Stamenkovich, Joseph Allan

12 June 2019

The complexity of the software behind autonomous systems is rapidly growing, as are the applications of what they can do. It is not unusual for the lines of code to reach the millions, which adds to the verification challenge. The machine learning algorithms involved are often "black boxes" where the precise workings are not known by the developer applying them, and their behavior is undefined when encountering an untrained scenario. With so much code, the possibility of bugs or malicious code is considerable. An approach is developed to monitor and possibly override the behavior of autonomous systems independent of the software controlling them. Application-isolated safety monitors are implemented in configurable hardware to ensure that the behavior of an autonomous system is limited to what is intended. The sensor inputs may be shared with the software, but the output from the monitors is only engaged when the system violates its prescribed behavior. For each specific rule the system is expected to follow, a monitor is present processing the relevant sensor information. The behavior is defined in linear temporal logic (LTL) and the associated monitors are implemented in a field programmable gate array (FPGA). An off-the-shelf drone is used to demonstrate the effectiveness of the monitors without any physical modifications to the drone. Upon detection of a violation, appropriate corrective actions are persistently enforced on the autonomous system. / Master of Science / Autonomous systems are surprisingly vulnerable, not just from malicious hackers, but from design errors and oversights. The lines of code required can quickly climb into the millions, and the artificial decision algorithms can be inscrutable and fully dependent upon the information they are trained on. These factors cause the verification of the core software running our autonomous cars, drones, and everything else to be prohibitively difficult by traditional means. Independent safety monitors are implemented to provide internal oversight for these autonomous systems. A semi-automatic design process efficiently creates error-free monitors from safety rules drones need to follow. These monitors remain separate and isolated from the software typically controlling the system, but use the same sensor information. They are embedded in the circuitry and act as their own small, task-specific processors watching to make sure a particular rule is not violated; otherwise, they take control of the system and force corrective behavior. The monitors are added to a consumer off-the-shelf (COTS) drone to demonstrate their effectiveness. For every rule monitored, an override is triggered when they are violated. Their effectiveness depends on reliable sensor information as with any electronic component, and the completeness of the rules detailing these monitors.

Autonomy

Runtime Verification

Field programmable gate arrays

Field Programmable Gate Array

Monitor

Formal Methods

UAS

Drone aircraft

Security

Linear Temporal Logic

LTL

High-Level Synthesis

HLS

monitor

model

checking

drone

malware

assurance

robotics

firmware

hardware

On model-checking pushdown systems models / Vérification de modèles de systèmes à pile

Pommellet, Adrien

05 July 2018

Cette thèse introduit différentes méthodes de vérification (ou model-checking) sur des modèles de systèmes à pile. En effet, les systèmes à pile (pushdown systems) modélisent naturellement les programmes séquentiels grâce à une pile infinie qui peut simuler la pile d'appel du logiciel. La première partie de cette thèse se concentre sur la vérification sur des systèmes à pile de la logique HyperLTL, qui enrichit la logique temporelle LTL de quantificateurs universels et existentiels sur des variables de chemin. Il a été prouvé que le problème de la vérification de la logique HyperLTL sur des systèmes d'états finis est décidable ; nous montrons que ce problème est en revanche indécidable pour les systèmes à pile ainsi que pour la sous-classe des systèmes à pile visibles (visibly pushdown systems). Nous introduisons donc des algorithmes d'approximation de ce problème, que nous appliquons ensuite à la vérification de politiques de sécurité. Dans la seconde partie de cette thèse, dans la mesure où la représentation de la pile d'appel par les systèmes à pile est approximative, nous introduisons les systèmes à surpile (pushdown systems with an upper stack) ; dans ce modèle, les symboles retirés de la pile d'appel persistent dans la zone mémoire au dessus du pointeur de pile, et peuvent être plus tard écrasés par des appels sur la pile. Nous montrons que les ensembles de successeurs post* et de prédécesseurs pre* d'un ensemble régulier de configurations ne sont pas réguliers pour ce modèle, mais que post* est toutefois contextuel (context-sensitive), et que l'on peut ainsi décider de l'accessibilité d'une configuration. Nous introduisons donc des algorithmes de sur-approximation de post* et de sous-approximation de pre*, que nous appliquons à la détection de débordements de pile et de manipulations nuisibles du pointeur de pile. Enfin, dans le but d'analyser des programmes avec plusieurs fils d'exécution, nous introduisons le modèle des réseaux à piles dynamiques synchronisés (synchronized dynamic pushdown networks), que l'on peut voir comme un réseau de systèmes à pile capables d'effectuer des changements d'états synchronisés, de créer de nouveaux systèmes à piles, et d'effectuer des actions internes sur leur pile. Le problème de l'accessibilité étant naturellement indécidable pour un tel modèle, nous calculons une abstraction des chemins d'exécutions entre deux ensembles réguliers de configurations. Nous appliquons ensuite cette méthode à un processus itératif de raffinement des abstractions. / In this thesis, we propose different model-checking techniques for pushdown system models. Pushdown systems (PDSs) are indeed known to be a natural model for sequential programs, as they feature an unbounded stack that can simulate the assembly stack of an actual program. Our first contribution consists in model-checking the logic HyperLTL that adds existential and universal quantifiers on path variables to LTL against pushdown systems (PDSs). The model-checking problem of HyperLTL has been shown to be decidable for finite state systems. We prove that this result does not hold for pushdown systems nor for the subclass of visibly pushdown systems. Therefore, we introduce approximation algorithms for the model-checking problem, and show how these can be used to check security policies. In the second part of this thesis, as pushdown systems can fail to accurately represent the way an assembly stack actually operates, we introduce pushdown systems with an upper stack (UPDSs), a model where symbols popped from the stack are not destroyed but instead remain just above its top, and may be overwritten by later push rules. We prove that the sets of successors post* and predecessors pre* of a regular set of configurations of such a system are not always regular, but that post* is context-sensitive, hence, we can decide whether a single configuration is forward reachable or not. We then present methods to overapproximate post* and under-approximate pre*. Finally, we show how these approximations can be used to detect stack overflows and stack pointer manipulations with malicious intent. Finally, in order to analyse multi-threaded programs, we introduce in this thesis a model called synchronized dynamic pushdown networks (SDPNs) that can be seen as a network of pushdown processes executing synchronized transitions, spawning new pushdown processes, and performing internal pushdown actions. The reachability problem for this model is obviously undecidable. Therefore, we compute an abstraction of the execution paths between two regular sets of configurations. We then apply this abstraction framework to a iterative abstraction refinement scheme.

Systèmes à pile

Automates à pile

LTL (Logique Temporelle Linéaire)

Hyper-propriétés

Automate à surpile

Pointeur de pile

Abstraction de Kleene

Model-checking

Pushdown systems

Pushdown automata

LTL ( Linear Temporal Logic)

Hyper-properties

Pushdown systems with an upper stack

Stack pointer

Synchronized dynamic pushdown networks

Kleene abstraction