Confidence Composition for Monitors of Verification Assumptions
This addresses safety assurance for cyber-physical systems, but it is incremental as it builds on existing verification methods.
The paper tackles the problem of predicting safety violations in verified cyber-physical systems with neural network controllers by proposing a confidence composition (CoCo) framework to monitor verification assumptions, showing in case studies that it improves calibration and successfully predicts violations.
Closed-loop verification of cyber-physical systems with neural network controllers offers strong safety guarantees under certain assumptions. It is, however, difficult to determine whether these guarantees apply at run time because verification assumptions may be violated. To predict safety violations in a verified system, we propose a three-step confidence composition (CoCo) framework for monitoring verification assumptions. First, we represent the sufficient condition for verified safety with a propositional logical formula over assumptions. Second, we build calibrated confidence monitors that evaluate the probability that each assumption holds. Third, we obtain the confidence in the verification guarantees by composing the assumption monitors using a composition function suitable for the logical formula. Our CoCo framework provides theoretical bounds on the calibration and conservatism of compositional monitors. Two case studies show that compositional monitors are calibrated better than their constituents and successfully predict safety violations.