Finding Safety Violations of AI-Enabled Control Systems through the Lens of Synthesized Proxy Programs

Given the increasing adoption of modern AI-enabled control systems, ensuring their safety and reliability has become a critical task in software testing. One prevalent approach to testing control systems is falsification, which aims to find an input signal that causes the control system to violate a...

Full description

Saved in:
Bibliographic Details
Published in:ACM transactions on software engineering and methodology 2025-01
Main Authors: Shi, Jieke, Yang, Zhou, He, Junda, Xu, Bowen, Kim, Dongsun, Han, DongGyun, Lo, David
Format: Article
Language:English
Subjects:
Computing methodologies
Control methods
Search-based software engineering
Software and its engineering
Software testing and debugging
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites cdi_FETCH-LOGICAL-a845-2478cf84ee3c0c8f9bae9311bb2848f0952577459cd581109ba5a8b59acb3eb53
container_end_page
container_issue
container_start_page
container_title ACM transactions on software engineering and methodology
container_volume
creator Shi, Jieke
Yang, Zhou
He, Junda
Xu, Bowen
Kim, Dongsun
Han, DongGyun
Lo, David
description Given the increasing adoption of modern AI-enabled control systems, ensuring their safety and reliability has become a critical task in software testing. One prevalent approach to testing control systems is falsification, which aims to find an input signal that causes the control system to violate a formal safety specification using optimization algorithms. However, applying falsification to AI-enabled control systems poses two significant challenges: (1) it requires the system to execute numerous candidate test inputs, which can be time-consuming, particularly for systems with AI models that have many parameters, and (2) multiple safety requirements are typically defined as a conjunctive specification, which is difficult for existing falsification approaches to comprehensively cover. This paper introduces Synthify, a falsification framework tailored for AI-enabled control systems, i.e., control systems equipped with AI controllers. Our approach performs falsification in a two-phase process. At the start, Synthify synthesizes a program that implements one or a few linear controllers to serve as a proxy for the AI controller. This proxy program mimics the AI controller's functionality but is computationally more efficient. Then, Synthify employs the \(\epsilon\) -greedy strategy to sample a promising sub-specification from the conjunctive safety specification. It then uses a Simulated Annealing-based falsification algorithm to find violations of the sampled sub-specification for the control system. To evaluate Synthify, we compare it to PSY-TaLiRo, a state-of-the-art and industrial-strength falsification tool, on 8 publicly available control systems. On average, Synthify achieves a 83.5% higher success rate in falsification compared to PSY-TaLiRo with the same budget of falsification trials. Additionally, our method is 12.8 \(\times\) faster in finding a single safety violation than the baseline. The safety violations found by Synthify are also more diverse than those found by PSY-TaLiRo, covering 137.7% more sub-specifications.
doi_str_mv 10.1145/3715105
format article
fullrecord <record><control><sourceid>acm_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1145_3715105</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3715105</sourcerecordid><originalsourceid>FETCH-LOGICAL-a845-2478cf84ee3c0c8f9bae9311bb2848f0952577459cd581109ba5a8b59acb3eb53</originalsourceid><addsrcrecordid>eNo9kMFLwzAYxYMoOKd495Sbp2q-Jh9NjmNsOigobIi3kmTJVmkbSSpY_3o7Nr289z7ej-_wCLkF9gAg8JEXgMDwjEwAscgKrvLzMTOhMs7h_ZJcpfTBGHCWiwnxy7rb1t2OrrV3_UDf6tDovg5dosHT2SpbdNo0bkvnoetjaOh6SL1rE-33MXzt9qM7Wrojvh668Uz1z8i_xvA9HHQXdZuuyYXXTXI3J5-SzXKxmT9n5cvTaj4rMy0FZrkopPVSOMcts9Iro53iAMbkUkjPFOZYFAKV3aIEYGOPWhpU2hruDPIpuT--tTGkFJ2vPmPd6jhUwKrDOtVpnZG8O5Latv_QX_kL65FfvQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Finding Safety Violations of AI-Enabled Control Systems through the Lens of Synthesized Proxy Programs</title><source>Association for Computing Machinery:Jisc Collections:ACM OPEN Journals 2023-2025 (reading list)</source><creator>Shi, Jieke ; Yang, Zhou ; He, Junda ; Xu, Bowen ; Kim, Dongsun ; Han, DongGyun ; Lo, David</creator><creatorcontrib>Shi, Jieke ; Yang, Zhou ; He, Junda ; Xu, Bowen ; Kim, Dongsun ; Han, DongGyun ; Lo, David</creatorcontrib><description>Given the increasing adoption of modern AI-enabled control systems, ensuring their safety and reliability has become a critical task in software testing. One prevalent approach to testing control systems is falsification, which aims to find an input signal that causes the control system to violate a formal safety specification using optimization algorithms. However, applying falsification to AI-enabled control systems poses two significant challenges: (1) it requires the system to execute numerous candidate test inputs, which can be time-consuming, particularly for systems with AI models that have many parameters, and (2) multiple safety requirements are typically defined as a conjunctive specification, which is difficult for existing falsification approaches to comprehensively cover. This paper introduces Synthify, a falsification framework tailored for AI-enabled control systems, i.e., control systems equipped with AI controllers. Our approach performs falsification in a two-phase process. At the start, Synthify synthesizes a program that implements one or a few linear controllers to serve as a proxy for the AI controller. This proxy program mimics the AI controller's functionality but is computationally more efficient. Then, Synthify employs the \(\epsilon\) -greedy strategy to sample a promising sub-specification from the conjunctive safety specification. It then uses a Simulated Annealing-based falsification algorithm to find violations of the sampled sub-specification for the control system. To evaluate Synthify, we compare it to PSY-TaLiRo, a state-of-the-art and industrial-strength falsification tool, on 8 publicly available control systems. On average, Synthify achieves a 83.5% higher success rate in falsification compared to PSY-TaLiRo with the same budget of falsification trials. Additionally, our method is 12.8 \(\times\) faster in finding a single safety violation than the baseline. The safety violations found by Synthify are also more diverse than those found by PSY-TaLiRo, covering 137.7% more sub-specifications.</description><identifier>ISSN: 1049-331X</identifier><identifier>EISSN: 1557-7392</identifier><identifier>DOI: 10.1145/3715105</identifier><language>eng</language><publisher>New York, NY: ACM</publisher><subject>Computing methodologies ; Control methods ; Search-based software engineering ; Software and its engineering ; Software testing and debugging</subject><ispartof>ACM transactions on software engineering and methodology, 2025-01</ispartof><rights>Copyright held by the owner/author(s).</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-a845-2478cf84ee3c0c8f9bae9311bb2848f0952577459cd581109ba5a8b59acb3eb53</cites><orcidid>0000-0001-5938-1918 ; 0000-0002-1006-8493 ; 0000-0003-0272-6860 ; 0000-0002-4367-7201 ; 0000-0002-0799-5018 ; 0000-0003-3370-8585 ; 0000-0002-8599-2197</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27901,27902</link.rule.ids></links><search><creatorcontrib>Shi, Jieke</creatorcontrib><creatorcontrib>Yang, Zhou</creatorcontrib><creatorcontrib>He, Junda</creatorcontrib><creatorcontrib>Xu, Bowen</creatorcontrib><creatorcontrib>Kim, Dongsun</creatorcontrib><creatorcontrib>Han, DongGyun</creatorcontrib><creatorcontrib>Lo, David</creatorcontrib><title>Finding Safety Violations of AI-Enabled Control Systems through the Lens of Synthesized Proxy Programs</title><title>ACM transactions on software engineering and methodology</title><addtitle>ACM TOSEM</addtitle><description>Given the increasing adoption of modern AI-enabled control systems, ensuring their safety and reliability has become a critical task in software testing. One prevalent approach to testing control systems is falsification, which aims to find an input signal that causes the control system to violate a formal safety specification using optimization algorithms. However, applying falsification to AI-enabled control systems poses two significant challenges: (1) it requires the system to execute numerous candidate test inputs, which can be time-consuming, particularly for systems with AI models that have many parameters, and (2) multiple safety requirements are typically defined as a conjunctive specification, which is difficult for existing falsification approaches to comprehensively cover. This paper introduces Synthify, a falsification framework tailored for AI-enabled control systems, i.e., control systems equipped with AI controllers. Our approach performs falsification in a two-phase process. At the start, Synthify synthesizes a program that implements one or a few linear controllers to serve as a proxy for the AI controller. This proxy program mimics the AI controller's functionality but is computationally more efficient. Then, Synthify employs the \(\epsilon\) -greedy strategy to sample a promising sub-specification from the conjunctive safety specification. It then uses a Simulated Annealing-based falsification algorithm to find violations of the sampled sub-specification for the control system. To evaluate Synthify, we compare it to PSY-TaLiRo, a state-of-the-art and industrial-strength falsification tool, on 8 publicly available control systems. On average, Synthify achieves a 83.5% higher success rate in falsification compared to PSY-TaLiRo with the same budget of falsification trials. Additionally, our method is 12.8 \(\times\) faster in finding a single safety violation than the baseline. The safety violations found by Synthify are also more diverse than those found by PSY-TaLiRo, covering 137.7% more sub-specifications.</description><subject>Computing methodologies</subject><subject>Control methods</subject><subject>Search-based software engineering</subject><subject>Software and its engineering</subject><subject>Software testing and debugging</subject><issn>1049-331X</issn><issn>1557-7392</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2025</creationdate><recordtype>article</recordtype><recordid>eNo9kMFLwzAYxYMoOKd495Sbp2q-Jh9NjmNsOigobIi3kmTJVmkbSSpY_3o7Nr289z7ej-_wCLkF9gAg8JEXgMDwjEwAscgKrvLzMTOhMs7h_ZJcpfTBGHCWiwnxy7rb1t2OrrV3_UDf6tDovg5dosHT2SpbdNo0bkvnoetjaOh6SL1rE-33MXzt9qM7Wrojvh668Uz1z8i_xvA9HHQXdZuuyYXXTXI3J5-SzXKxmT9n5cvTaj4rMy0FZrkopPVSOMcts9Iro53iAMbkUkjPFOZYFAKV3aIEYGOPWhpU2hruDPIpuT--tTGkFJ2vPmPd6jhUwKrDOtVpnZG8O5Latv_QX_kL65FfvQ</recordid><startdate>20250127</startdate><enddate>20250127</enddate><creator>Shi, Jieke</creator><creator>Yang, Zhou</creator><creator>He, Junda</creator><creator>Xu, Bowen</creator><creator>Kim, Dongsun</creator><creator>Han, DongGyun</creator><creator>Lo, David</creator><general>ACM</general><scope>AAYXX</scope><scope>CITATION</scope><orcidid>https://orcid.org/0000-0001-5938-1918</orcidid><orcidid>https://orcid.org/0000-0002-1006-8493</orcidid><orcidid>https://orcid.org/0000-0003-0272-6860</orcidid><orcidid>https://orcid.org/0000-0002-4367-7201</orcidid><orcidid>https://orcid.org/0000-0002-0799-5018</orcidid><orcidid>https://orcid.org/0000-0003-3370-8585</orcidid><orcidid>https://orcid.org/0000-0002-8599-2197</orcidid></search><sort><creationdate>20250127</creationdate><title>Finding Safety Violations of AI-Enabled Control Systems through the Lens of Synthesized Proxy Programs</title><author>Shi, Jieke ; Yang, Zhou ; He, Junda ; Xu, Bowen ; Kim, Dongsun ; Han, DongGyun ; Lo, David</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a845-2478cf84ee3c0c8f9bae9311bb2848f0952577459cd581109ba5a8b59acb3eb53</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2025</creationdate><topic>Computing methodologies</topic><topic>Control methods</topic><topic>Search-based software engineering</topic><topic>Software and its engineering</topic><topic>Software testing and debugging</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Shi, Jieke</creatorcontrib><creatorcontrib>Yang, Zhou</creatorcontrib><creatorcontrib>He, Junda</creatorcontrib><creatorcontrib>Xu, Bowen</creatorcontrib><creatorcontrib>Kim, Dongsun</creatorcontrib><creatorcontrib>Han, DongGyun</creatorcontrib><creatorcontrib>Lo, David</creatorcontrib><collection>CrossRef</collection><jtitle>ACM transactions on software engineering and methodology</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Shi, Jieke</au><au>Yang, Zhou</au><au>He, Junda</au><au>Xu, Bowen</au><au>Kim, Dongsun</au><au>Han, DongGyun</au><au>Lo, David</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Finding Safety Violations of AI-Enabled Control Systems through the Lens of Synthesized Proxy Programs</atitle><jtitle>ACM transactions on software engineering and methodology</jtitle><stitle>ACM TOSEM</stitle><date>2025-01-27</date><risdate>2025</risdate><issn>1049-331X</issn><eissn>1557-7392</eissn><abstract>Given the increasing adoption of modern AI-enabled control systems, ensuring their safety and reliability has become a critical task in software testing. One prevalent approach to testing control systems is falsification, which aims to find an input signal that causes the control system to violate a formal safety specification using optimization algorithms. However, applying falsification to AI-enabled control systems poses two significant challenges: (1) it requires the system to execute numerous candidate test inputs, which can be time-consuming, particularly for systems with AI models that have many parameters, and (2) multiple safety requirements are typically defined as a conjunctive specification, which is difficult for existing falsification approaches to comprehensively cover. This paper introduces Synthify, a falsification framework tailored for AI-enabled control systems, i.e., control systems equipped with AI controllers. Our approach performs falsification in a two-phase process. At the start, Synthify synthesizes a program that implements one or a few linear controllers to serve as a proxy for the AI controller. This proxy program mimics the AI controller's functionality but is computationally more efficient. Then, Synthify employs the \(\epsilon\) -greedy strategy to sample a promising sub-specification from the conjunctive safety specification. It then uses a Simulated Annealing-based falsification algorithm to find violations of the sampled sub-specification for the control system. To evaluate Synthify, we compare it to PSY-TaLiRo, a state-of-the-art and industrial-strength falsification tool, on 8 publicly available control systems. On average, Synthify achieves a 83.5% higher success rate in falsification compared to PSY-TaLiRo with the same budget of falsification trials. Additionally, our method is 12.8 \(\times\) faster in finding a single safety violation than the baseline. The safety violations found by Synthify are also more diverse than those found by PSY-TaLiRo, covering 137.7% more sub-specifications.</abstract><cop>New York, NY</cop><pub>ACM</pub><doi>10.1145/3715105</doi><orcidid>https://orcid.org/0000-0001-5938-1918</orcidid><orcidid>https://orcid.org/0000-0002-1006-8493</orcidid><orcidid>https://orcid.org/0000-0003-0272-6860</orcidid><orcidid>https://orcid.org/0000-0002-4367-7201</orcidid><orcidid>https://orcid.org/0000-0002-0799-5018</orcidid><orcidid>https://orcid.org/0000-0003-3370-8585</orcidid><orcidid>https://orcid.org/0000-0002-8599-2197</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 1049-331X
ispartof ACM transactions on software engineering and methodology, 2025-01
issn 1049-331X
1557-7392
language eng
recordid cdi_crossref_primary_10_1145_3715105
source Association for Computing Machinery:Jisc Collections:ACM OPEN Journals 2023-2025 (reading list)
subjects Computing methodologies
Control methods
Search-based software engineering
Software and its engineering
Software testing and debugging
title Finding Safety Violations of AI-Enabled Control Systems through the Lens of Synthesized Proxy Programs
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-06T05%3A11%3A30IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-acm_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Finding%20Safety%20Violations%20of%20AI-Enabled%20Control%20Systems%20through%20the%20Lens%20of%20Synthesized%20Proxy%20Programs&rft.jtitle=ACM%20transactions%20on%20software%20engineering%20and%20methodology&rft.au=Shi,%20Jieke&rft.date=2025-01-27&rft.issn=1049-331X&rft.eissn=1557-7392&rft_id=info:doi/10.1145/3715105&rft_dat=%3Cacm_cross%3E3715105%3C/acm_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-a845-2478cf84ee3c0c8f9bae9311bb2848f0952577459cd581109ba5a8b59acb3eb53%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true