We develop a risk-averse safety analysis method for stochastic systems on discrete infinite time horizons. Our method quantifies the notion of risk for a control system in terms of the severity of a harmful random outcome in a fraction of worst cases, whereas classical methods quantify risk in terms of probabilities. The theoretical arguments are based on the analysis of a value iteration algorithm on an augmented state space. We provide conditions to guarantee the existence of an optimal policy on this space. We illustrate the method numerically using an example from the domain of stormwater management.
Given a stochastic dynamical system modelled via stochastic differential equations (SDEs), we evaluate the safety of the system through characterisations of its exit time moments. We lift the (possibly nonlinear) dynamics into the space of the occupation and exit measures to obtain a set of linear evolution equations which depend on the infinitesimal generator of the SDE. Coupled with appropriate positive semidefinite matrix constraints, this yields a moment-based approach for the computation of exit time moments of SDEs with polynomial drift and diffusion dynamics. To extend the capability of the moment approach, we propose a state augmentation method which allows us to generate the evolution equations for a broader class of nonlinear stochastic systems and apply the moment method to previously unsupported dynamics. In particular, we show a general augmentation strategy for sinusoidal dynamics, which can be found in most physical systems. We employ the methodology on an Ornstein-Uhlenbeck process and a stochastic spring-mass-damper model to characterise their safety via their expected exit times, and show the additional exit distribution insights that are afforded through higher order moments.
Model-based fault injection methods are widely used for the evaluation of fault tolerance in safety-critical control systems. In this paper, we introduce a new model-based fault injection method implemented as a highly customizable Simulink block called FIBlock. It supports the injection of typical faults of essential heterogeneous components of Cyber-Physical Systems, such as sensors, computing hardware, and network. The FIBlock GUI allows the user to select a fault type and configure multiple parameters to tune error magnitude, fault activation time, and fault exposure duration. Additional trigger inputs and outputs of the block enable the modeling of conditional faults. Furthermore, two or more FIBlocks connected with these trigger signals can model chained errors. The proposed fault injection method is demonstrated with a lower-limb EXO-LEGS exoskeleton, an assistive device for the elderly in everyday life. The EXO-LEGS model-based dynamic control is realized in the Simulink environment and allows easy integration of the aforementioned FIBlocks. Exoskeletons in general, being complex CPS with multiple sensors and actuators, are prone to hardware and software faults. In the case study, three types of faults were investigated: 1) sensor freeze, 2) stuck-at-0, 3) bit-flip. The fault injection experiments helped to determine the faults that have the most significant effects on the overall system reliability and to identify the fine line for the critical fault duration after which the controller could no longer mitigate faults.
Stability and safety are two important aspects in safety-critical control of dynamical systems. It has been a well-established fact in control theory that stability properties can be characterized by Lyapunov functions. Reachability properties can also be naturally captured by Lyapunov functions for finite-time stability. Motivated by safety-critical control applications, such as in autonomous systems and robotics, there has been a recent surge of interest in characterizing safety properties using barrier functions. Lyapunov and barrier function conditions, however, are sometimes viewed as competing objectives. In this paper, we provide a unified theoretical treatment of Lyapunov and barrier functions in terms of converse theorems for stability properties with safety guarantees and reach-avoid-stay type specifications. We show that if a system (modeled as a perturbed dynamical system) possesses a stability with safety property, then there exists a smooth Lyapunov function to certify such a property. This Lyapunov function is shown to be defined on the entire set of initial conditions from which solutions satisfy this property. A similar but slightly weaker statement is made for reach-avoid-stay specifications. We show by a simple example that the latter statement cannot be strengthened without additional assumptions.
Risk-sensitive safety analysis is a safety analysis method for stochastic systems on Borel spaces that uses a risk functional from finance called Conditional Value-at-Risk (CVaR). CVaR provides a particularly expressive way to quantify the safety of a control system, as it represents the average cost in a fraction of worst cases. In prior work, the notion of a risk-sensitive safe set was defined in terms of a non-standard optimal control problem, in which a maximum cost is assessed via CVaR. Here, we provide a method to compute risk-sensitive safe sets exactly in principle by utilizing a state-space augmentation technique. In addition, we prove the existence of an optimal pre-commitment policy under a measurable selection condition. The proposed framework assumes continuous system dynamics and cost functions, but is otherwise flexible. In particular, it can accommodate probabilistic control policies, fairly general disturbance distributions, and control-dependent, non-monotonic, and non-convex stage costs. We demonstrate how risk-sensitive safety analysis is useful for a stormwater infrastructure application. Our numerical examples are inspired by current challenges that cities face in managing precipitation uncertainty.
We study a linear-quadratic, optimal control problem on a discrete, finite time horizon with distributional ambiguity, in which the cost is assessed via Conditional Value-at-Risk (CVaR). We take steps toward deriving a scalable dynamic programming approach to upper-bound the optimal value function for this problem. This dynamic program yields a novel, tunable risk-averse control policy, which we compare to existing state-of-the-art methods.