
Safe and Interpretable Autonomous Systems Design


Academic year: 2023


Introduction

Motivation

In recent decades, there has been a significant push to innovate autonomous robotic technologies in sectors ranging from transportation to healthcare. In the following sections, we address the specific issues and challenges for designing secure and interpretable algorithms in each of these modules and present existing approaches.

Decision-Making

A separate branch of research for the design of decision-making modules is focused on the entire collective set of agents instead of individual agents. The details of the approach can be found in Chapter 1 and 2. Unlike existing works, the result of our work is a behavior protocol that: 1) defines a set of behavior specifications where the behavior is interpretable (explainable), 2) path leverage network structure, 3) allows for inertial vehicle dynamics, 4) includes a notion of location, 5) is scalable with respect to the number of agents (due to the invariance of agents' safety backup plan action), and 6) can formally guarantee safety and liveness.

Perception

In this way, the behavior profiles are a single element of the behavior protocol - the profile serves to help an agent choose what action it intends to take. a) W.l.o.g., let us consider Ag0 where Ag0 ∼ 𝐴𝑔. b) Flag FAg'(𝑢, 𝑎𝑖) = T if Ag0's intentional action 𝑎𝑖 causes collision with Ag or (𝐴𝑔0, 𝑎𝑖) ⊥ 𝐴𝑔, i.e. it conflicts with the action plan for or .

Decision-Making: Behavioral Profiles

Introduction

In this chapter, we focus on designing the decision-making module for autonomous vehicles, with a specific focus on designing the set of rules (and the order of this set of rules) that agents use to select their actions. The behavior profile, which is a product of this systematic procedure, is a mathematical structure on the set of specifications that ultimately defines a version of a rulebook that agents can use to transparently select their actions.

Assume-Guarantee Profiles

A is a set of behavioral preferences or characteristics that the agent assumes its environment to have. The individual behavior profile must therefore have both 1) a set of specifications (or rules) that agents must follow, but also 2) an order that defines a hierarchy of importance on the specifications.

Figure 2.1: A high-level system architecture capturing the inherent coupling of the behavioral specifications for an agent and its environment is shown in the bottom figure

The Specification Structure and Consistency

We argue that a weak order in the specification power set is preferable to imposing a total order. In summary, the role of the consistent evaluation function is to take as input a set of partially ordered specifications.

Figure 2.2: A poset that does not admit a consistent evaluator. The values in parentheses denote the value of the singleton set containing that node given by the evaluator 𝑓 𝑖

The Specification Structure and Completeness

To evaluate their relative importance, the most significant digit corresponds to the leftmost element in the tuple, since that element has the highest rank. Since 𝑊0(𝑃𝛼) = 1 and 𝑊0(𝑃𝛽) = 1, we need to keep comparing elements in the tuple to determine which one has a higher order.

Behavioral Profiles in the Assume-Guarantee Context

It is the set of all specification structures such that security and legality are included in the specification structure and that security has the highest rank of all specifications included in the specification structure. The following revised definition of assumption and assurance of Definition 1 characterizes the set of specification structures that agents in the environment can be assumed to have and the specifications that an individual self-driving car can vouch for.

Figure 2.7: The assumptions are based on a set of specification structures that satisfy some constraints, which is shown on the left

Game Examples

In this work, we abstracted the perception system from the self-driving car to the omniscient oracle. Now consider the case where the oracles give incompatible beliefs about the environment, namely the state of the traffic signal.

Figure 2.9: The game scenario when Player Y encounters debris on its side of the road

Conclusion

Let us consider case A, when 𝑎 is such that 𝑠𝑓 = 𝜏Ag(𝑠, 𝑎) = GoalAg, i.e. the action leads the agent to his goal, and we show that Ag will always be able to take 𝑎 in the end. 2. Let us show that this is always true. a) The only Ag0 that can cause FAg(𝑢, 𝑎𝑖) = 1 from Ag is when agent Ag0 is in a state where 𝐿𝑎(𝐴𝑔0) = GoalAg.

Decision-Making: Behavioral Protocols

Introduction

A behavioral protocol can be thought of as a set of rules that agents must follow to choose their action (such as a behavioral profile), but that also dictate when agents are allowed to take their intended action or should defer to other agents. The behavior protocol builds on the behavior profile by adding constraints that determine whether or not an agent is allowed to take the intended actions.

Quasi-Simultaneous Discrete-Time Game

The polybus, with its nodes and directed edges, defines the global rotation order (of precedence) of the set of all agents 𝔄 ∈ 𝔊 based on the agent states. Note that the transition function 𝜏Ag and the state-condition function 𝜌Ag must be compatible for any agent Ag.

Specific Agent Class

steering maneuver (if at the right speed) is taken and the agent occupies a set of grid points, specified in Fig. In fact, an agent's bubble should depend on its state, and the agent characteristics and dynamics of all agents in the game.

Figure 3.1: Different grid point occupancy associated with different discrete agent maneuvers

Road Network Environment

S_intersection: A set of grid points containing all grid points with more than one legal orientation. Lanes: Let lane 𝐿𝑎(𝑔) define a set of grid points containing 𝑔 and all grid points that form a line passing through 𝑔.

The Agent Protocol

𝑂Ag, forward progress(𝑠, 𝑎, 𝑢) is returned if an action 𝑎 from state 𝑠 will improve the agent's progress towards the target goalAg. When it is the agent's turn to choose an action, it must decide whether or not to perform the intended action 𝑎𝑖.

Figure 3.4: Agent protocol architecture.

Safety Guarantees

We denote 𝑃𝑡 as the statement about the state of the game at the beginning of the time step 𝑡, before agents take their respective actions. If all agents take actions according to the statements in 𝐼, no collisions will occur.

Liveness Guarantees

When the density of agents in the road network is high enough, dead ends will occur along these loops. The sparse traffic conditions must be such that 𝑁 < 𝑀−1, where 𝑁 is the number of agents in the road network.

Simulation Environment

We simulate the game by randomly initializing spawn agents at source nodes for three different road network environments: 1) straight road segment, 2) small city block network, and 3) large city block network. In particular, over 100 trials for each of the maps, on average 77%, 36%, and 43% of the agents reached their respective destinations in the respective maps by the end of 250 time steps.

Figure 3.9: Straight road map environment.

Conclusion

The temporal sequence of object detection events can be modeled as an HMM since the memoryless Markov function holds, i.e., the HMM estimation formulation and algorithms for calculating the pre-switch, which are used to improve the optimization formulation in Eqn. 4.8, are described in the following sections. According to the Action Selection Strategy, for Ag to take 𝑎 is that 1) 𝑊Ag = 1, 2) FAg(𝑢, 𝑎𝑖) = 0, i.e. max-yielding-flag-not-enough must not be set and 3) all oracles in the behavior profile must be satisfied simultaneously.

Perception: Semantic Estimation

Introduction

We assume that we have a priori map that defines the positions of each object 𝑜𝑘 and the corresponding region 𝑅𝑘 where the object can be detected. The measurement corresponding to the object detector of object 𝑜𝑘 can be represented as a binary variable 𝑧𝑘.

Figure 4.1: Model for the inclusion of semantic measurements in a traditional plant-controller system.

Maximum Likelihood Formulation with Semantic Measurements

In the case of a perfect classification algorithm, the confusion matrix would be the identity matrix. Instead, the vehicle may simply not have the object in its field of view but still be in the region 𝑅𝑘.

Hierarchical Formulation with Semantic Measurements

The trajectory In the case where the certainty in the object detection event 𝑠𝜏 = 𝑜𝑘 is high, the switch corresponds to 𝑧𝑘 beforehand.

Figure 4.3: The nonlinear least squares factors added to the graph corresponding the semantic measurement 𝑧 𝑘

Hierarchical System Architecture

The prior interruption associated with the semantic measurements that occur during the time intervals corresponding to these object detection events are calculated in the next section. The prior interrupt associated with measurements outside of object detection is set to have a safety proportional to 1− 𝑝(𝑠𝜏∅.

Figure 4.5: The system architecture is comprised of two layers: the lower layer shown in the lower box represents the factor-graph formulation with switchable constraints and updates at every time step 𝑡 , whereas the higher layer shown in the top box repr

Simulation Results

We see how the mean of the squared error over the entire path for all trials is significantly smaller when the semantic metrics use either the probabilistic algorithm or the hierarchical algorithm. However, the main advantage of using the HMM formulation is not to improve the performance of the likelihood formulation.

Figure 4.6: The objects and their corresponding regions of detections 𝑅 𝑘 are shown in blue and the positions of the landmarks that are visible during the vehicle trajectory are shown in orange

Conclusion

Traffic rules: guarantees of safety and liveliness for autonomous vehicles.” In: arXiv preprint arXiv. Towards semantic SLAM using a monocular camera.” In: 2011 IEEE/RSJ International Conference on Intelligent Robots and Systems.

Conclusion and Future Work

Decision-Making

We therefore propose a top-down design approach for the decision-making module, where all agents are expected to behave according to a behavioral contract. The protocol definition includes the area an agent must reason about (i.e., the bubble), how the agent chooses the intended action (via the assume-guarantee profile), and how it ultimately selects which action to take.

Perception

The assume-guarantee contract (protocol) is defined for a single class of agents with specific agent attributes. With this protocol, we formally guarantee security and progress (under sparse traffic conditions) for all agents.

Future Work

Switchable constraints for SLAM powerful pose graph.” In: 2012 IEEE/RSJ International Conference on Robots and Intelligent Systems. Motion planning with minimal scLTL violation for on-demand motion. In: 2017 IEEE International Conference on Robotics and Automation (ICRA).

Examples of Consistent Evaluators

Adding Nodes to a Specification Structure

When the resulting poset is no longer graded, we introduce a way to make minimal changes to the poset so that it regains its graded property. The orange edges are deleted and the green edges are added to minimally change the bag to a graduated bag.

Figure A.2: Different ways a dimensional property can be added to a graded poset and still preserve the graded property.

Adding Edges to a Specification Structure

Road Network

Bubble Construction

These grid points are shown in the subfigure, second from the left in the figure. Note that this set of grid points is shown in the rightmost subplot of the figure.

Figure B.1: Bubble if all Ag ∈ 𝔄 have the Agent Dynamics specified in Section 3.3.

Safety Lemmas

The following lemma states that if all Ag∈𝔄 follow an agent's protocol, no agent Ag will perform an action that would cause it to collide or violate the backup security plan of any higher-priority agent. The following lemma states that if all Ag∈𝔄 follow an agent's protocol, no agent Ag will perform an action that would cause it to collide or violate the backup security plan of any agent with the same priority.

Safety Proof

Traffic lights are designed to coordinate traffic so that agents, if they follow the rules of the traffic lights, do not collide. If the agents at time 𝑡 perform actions such that the proposition 𝐼𝑡 is true, then by the definition of the proposition 𝐼 the agents will end up in a state where at time 𝑡+1 the proposition 𝑃 is true, meaning 𝐼𝑡 ⇒ 𝑃𝑡+1.

Liveness Lemmas

Thus, we have shown that all oracles in the behavioral profile will always be ultimately satisfied, and Ag will assume 𝑎 such that 𝑂Ag, destination reachability(𝑠, 𝑎, 𝑢) = T and 𝑂Ag, forward progress(𝑠, 𝑎, 𝑢) = T. Case 𝑚𝐴𝑔 = 𝑁 + 1: Let us show that any Ag located at a longitudinal distance of 𝑁 + 1 from the destination always ultimately requires 𝑎, for which 𝑂Ag, forward progress(𝑠, 𝑎, 𝑢) = T. a) Let's see when Ag is only 𝑎 such that 𝑂Ag, forward progress(𝑠, 𝑎, 𝑢) = T is.

Liveness Proof

Where the dependency graph 𝐺dep (as defined in 11) is a directed acyclic graph (DAG), we prove that all Ag ∈ 𝔄 will always take 𝑎 ∈ 𝐴𝑐𝑡𝐴𝑔 for which. If the only forward action 𝑎 allows 𝐴𝑔 to leave the loop, then 𝐴𝑔 will always eventually take its action by the sparsity assumption (in definition 21) and the inductive arguments in the Liveness proof argument 2c.

Traffic Light Assumptions

Discrete Likelihood Function

Forward-backward Algorithm

Figures

Figure 1.1: A typical autonomy stack. The thesis will focus on the perception and decision-making modules.
Figure 2.4: Graded specification posets are a subset of consistently-evaluable posets.
