Notation and system model

Our problem setting is based on the following formalization. Let t = 0, 1, 2, … denote the discrete time steps, S be a continuous physical state space and A be a continuous action space.

We adopt a standard notation of a system from the literature on dynamical systems and reinforcement learning (Wiering and Van Otterlo Reference Wiering and Van Otterlo2012). Let π: S ↦ A denote a deterministic control policy; i.e., the current action is a _t = π(s _t). The control policy π _θ is parameterized by some θ ∈ Θ, with Θ being a fixed parameter space such as the weights and biases for some neural network architecture. The environment dynamics is f: S × A ↦ S, i.e., the next state s _{t + 1} = f(s _t,a _t).

Signal temporal logic

Our problem is also based on STL (Maler and Nickovic Reference Maler and Nickovic2004), a logical formalism to specify properties of continuous signals, such as trajectories of physical states in a continuous state space. In CPS, STL is used for both monitoring and verification of task accomplishment (Ruchkin et al., Reference Ruchkin, Cleaveland, Ivanov, Lu, Carpenter, Sokolsky and Lee2022). On a trajectory denoted as $\overline{s}\,\,\colon =s_{0}s_{1}\ldots s_{T}$ , ∀s _t ∈ S, the grammar of STL is defined as

(1) $$\varphi \,\,\colon \, \colon ={\rm \top\ }| g\left(\overline{s}\right)\lt 0| \neg \varphi | \varphi _{1}\wedge \varphi _{2}| \varphi _{1}U_{[{t_{1}},{t_{2}}]}\varphi _{2}.$$

Here, ⊤ is a tautology and g: S ^T ↦ ℝ is a real-valued function on signals. Temporal operator U _{[t 1,t 2]} denotes the until operator, and ϕ ₁ U _{[t 1,t 2]} ϕ ₂ means ϕ ₂ must hold at some time t ∈ [t ₁,t ₂] and ϕ ₁ must always hold before t. The until operator can be converted into two additional temporal operators (i) eventually/finally operator F _{[t 1,t 2]} and (ii) always/globally operator G _{[t 1,t 2]}. The exact definition of STL semantics can be found in the original paper (Maler and Nickovic Reference Maler and Nickovic2004).

STL robustness

We adopt STL for two reasons. First, it is more expressive than other temporal logic languages such as LTL, as STL leverages real-valued predicates to express the system’s physical state. Second, STL robustness can be used as a soft objective function to guide the learning process (Fainekos and Pappas Reference Fainekos and Pappas2009).

Conventional STL semantics produce a Boolean outcome, indicating whether a given trajectory accomplishes its task. STL is also equipped with quantitative semantics (Fainekos and Pappas Reference Fainekos and Pappas2009; Gilpin et al., Reference Gilpin, Kurtz and Lin2020; Hamilton et al., Reference Hamilton, Robinette and Johnson2022), a robustness score to evaluate the degree of a trajectory satisfying an STL formula ϕ. Specifically, the robustness score ρ: S ^T × ℕ _{≥ 0} × Φ ↦ ℝ is a real-valued function that evaluates $\rho (\overline{s},t,\varphi )$ on three inputs: a trajectory $\overline{s}$ of length T, a starting time step t of the trajectory and an STL formula ϕ ∈ Φ. The reader is referred to classic sources (Fainekos and Pappas Reference Fainekos and Pappas2009) for its definition. Based on this definition, ρ ≥ 0 means that the trajectory starts at time t with length T is able to fulfill the STL formula ϕ, i.e., it accomplishes the specified task. Likewise, ρ < 0 means it fails. The larger the absolute value of ρ, the higher the degree of accomplishment or failure.

We assume all tasks are given in the form of STL specifications, and the following subroutine is available to compute performance on a task ϕ from an initial state s ₀, under dynamics f and policy π.

Definition 1 (Robustness Computing Subroutine). Given a dynamics f and an STL-specified task ϕ, a robustness computing subroutine rob _f,ϕ : S × Π ↦ ℝ is a function that computes the STL robustness of a trajectory from an initial state s ₀ under a control policy π. That is,

(2) $${\rm rob}_{f,\varphi }\left(s_{0},\pi \right)\,\,\colon =\rho \left(\overline{s},0,\varphi \right)$$

Here, trajectory $\overline{s}=s_{0}s_{1}\cdots s_{T}$ , with a _t = π(s _t) and s _{t + 1} = f(s _t,a _t) for all t ∈ [0, T). The set Π denotes the space of all policies.

In other words, rob_{f, ϕ}(s ₀,π) evaluates the degree of task accomplishment from initial state s ₀ under control policy π.

Sound but incomplete verifier

Our problem setting also relies on verifiers (Ivanov et al., Reference Ivanov, Weimer, Alur, Pappas and Lee2019). A verifier formally proves whether a continuous subset of initial states S′ ⊂ S produces trajectories that all satisfy a specification ϕ under a policy π and dynamics f. Formally, a mathematical abstraction of a verifier is given as follows.

Definition 2 (Verifier). With a given dynamics f and an STL specification ϕ, a verifier is a mapping ver _{f, ϕ} : 2^𝒮_init ↦ {0, 1} that checks whether the system starting from any state in a subset of initial states 𝒮 ⊆ 𝒮_init is able to satisfy ϕ under f.

In plain words, if we input a subset of initial states into a verifier, it returns 1 if all initial states will end up satisfying ϕ in f, or 0 if there exists an initial state that will end up violating ϕ in f.

A sub-category of verifiers is sound but incomplete verifiers, which we are able to obtain from off-the-shelf techniques, such as Verisig (Ivanov et al., Reference Ivanov, Carpenter, Weimer, Alur, Pappas and Lee2021; Ivanov et al., Reference Ivanov, Weimer, Alur, Pappas and Lee2019). Such verifiers are conservative. That is, if a region of initial states passes this verifier, it is guaranteed that all states in this region can successfully accomplish the task (i.e., the verifier is sound). However, the implication does not hold in the other direction (i.e., the verifier is incomplete). To define such a verifier, we first define a partition in the initial states as follows.

Definition 3 (Initial State Partition). Given dynamics f: S × A ↦ S, a control policy π: S ↦ A partitions the initial states S _init ⊂ S into successful and failed ones: S _init = S _π ^s ∪ S _π ^f . That is,

(3) $$\matrix{ {S_\pi ^{\rm{s}}: = \{ {s_0} \in {S_{init}}:{\rm{ro}}{{\rm{b}}_{f,\varphi }}({s_0},\pi ) \ge 0\} } \hfill \cr {S_\pi ^{\rm{f}}: = {S_{init}}\backslash S_\pi ^{\rm{s}}} \hfill \cr } $$

Definition 3 formalizes a partition of the initial states under a control policy π. In plain words, S _π ^s is the set of initial states from which π satisfies ϕ (“s” stands for “success”). Likewise, S _π ^f is the set of initial states from which π does not satisfy, or equivalently, fails on ϕ (“f” stands for “failure”). With the formalization above, we identify a feasible repair problem that takes account of STL robustness trade-offs among trajectories from different initial states.

With the above partition defined, we have Definition 4.

Definition 4 (Sound but Incomplete Verifier). Given dynamics f, a verifier of property ϕ is abstracted as a function ver _{f, ϕ} : 2 ^S × Π ↦ {0, 1}. On a subset of initial states S′ ⊆ S for a given control policy π, the verifier outputs whether all initial states in S′ produce trajectories that satisfy ϕ. A verifier is sound but incomplete iff

(4) $$\matrix{ {(\forall {S^\prime } \in {2^S} \cdot {\rm{ve}}{{\rm{r}}_{f,\varphi }}({S^\prime },\pi ) = 1\Longrightarrow{S^\prime } \subseteq S_\pi ^{\rm{s}}) \wedge } \hfill \cr {(\exists {S^{\prime \prime }} \in {2^S} \cdot {S^{\prime \prime }} \subseteq S_\pi ^{\rm{s}} \wedge {\rm{ve}}{{\rm{r}}_{f,\varphi }}({S^{\prime \prime }},\pi ) = 0).} \hfill \cr } $$

In Equation (4), the term on the first line means soundness, and the second line means incompleteness.

Simulated annealing

Simulated annealing is a stochastic optimization algorithm that aims to find the global optima of an objective function, which is often equivalently referred to as an energy function (Kirkpatrick et al., Reference Kirkpatrick, Gelatt and Vecchi1983); Serafini Reference Serafini1994; Suman and Kumar Reference Suman and Kumar2006). We denote the energy function as e: Θ ↦ ℝ, i.e., a real-valued function that depends on variables θ ∈ Θ.

The algorithm works as follows. At every iteration, it randomly perturbs previous variables θ to obtain new variables θ′, e.g., by adding Gaussian noise to each variable. Then, the energy function is evaluated to see if the new e(θ′) is better than the previous e(θ). Specifically, if Δ _e: = e(θ′) − e(θ) ≥ 0, the new variables are accepted. Otherwise, if Δ _e < 0, a second check is performed by tossing a biased coin with acceptance probability

(5) $$\Pr [{\rm acceptance}]\,\,\colon =\exp (-\Delta _{e}/\tau ).$$

Here, τ > 0 is called the temperature, with higher values leading to more exploration. This second criterion is formally known as the Metropolis-Hastings criterion, which encourages the exploration of new variables, even if the new energy function is slightly worse. At the end of every iteration, the temperature cools down, e.g., by multiplying a cooling factor α ∈ (0,1). So the amount of exploration decreases throughout the procedure. The algorithm runs until either the energy function converges or a maximum number of iterations is reached.

Compared to other optimization algorithms, such as gradient descent, simulated annealing is able to escape local optima due to its stochastic nature and encouragement in exploration. We will use a modified version of this technique in our main algorithm.

Formulating the RwP problem

Based on the initial states partition defined in Definition 3, we formulate the RwP problem as follows.

Definition 5 (Repair with Preservation (RwP) Problem).

(6) $$\matrix{ {{\rm{maximiz}}{{\rm{e}}_{{\pi ^\prime }}}\;\int_{S_\pi ^{\rm{f}}} {\mkern 1mu} \mathbb{1}({\rm{ro}}{{\rm{b}}_{f,\varphi }}({s_0},{\pi ^\prime }) \ge 0)d{s_0}} \hfill \cr {{\rm{subject}}\;{\rm{to}}\;S_\pi ^{\rm{s}} \subseteq S_{{\pi ^\prime }}^{\rm{s}},} \hfill \cr } $$

where ${\mathbb{1}}$ (⋅) is the indicator function, which returns 0 if the input proposition is false and 1 if true.

Equation (6) aims to find an alternative control policy π′ to repair as many previously failed initial states in S _π ^f as possible, while protecting the previously successful initial states S _π ^s from being compromised. Trivially, a control policy that satisfies the constraint is the original policy π. Therefore, it is guaranteed that there exists a solution to this problem.

To solve for the non-standard integral in (6), we approximate the problem by partitioning the initial state set into finitely many regions, i.e., S _init = S ₁ ∪ ⋯ ∪ S _M. There exist two types of initial state regions S _i: (i) successful: all states in the region are successful under a given policy π, i.e., S _i ⊆ S _π ^s and (ii) failed: not all states in the region are successful under π, i.e., $S_{i}{\subseteq }{S}_{\pi }^{{\rm s}}$ . The problem becomes

(7) $$\matrix{ {{\rm{maximiz}}{{\rm{e}}_{{\pi ^\prime }}}\sum\limits_{{S_i}\underline \not\subset S_\pi ^{\rm{s}}} {\mkern 1mu} {\mathbb{1}}\left( {{S_i} \subseteq S_{{\pi ^\prime }}^{\rm{s}}} \right)} \hfill \cr {{\rm{subject}}\;{\rm{to}}\;{S_i} \subseteq S_\pi ^{\rm{s}}\Longrightarrow{S_i} \subseteq S_{{\pi ^\prime }}^{\rm{s}}.} \hfill \cr } $$

The repair problem in Equation (7) aims to repair as many failed regions as possible, while safeguarding the already successful ones. This discretized version of the problem approaches Equation (6) as the partition becomes finer.

Formulating the verification-aided RwP problem

To solve Equation (7), one more key issue remains: how do we know whether all states in a region S _i would lead to success? To provide guarantees for infinite (but bounded) regions, we leverage a sound but incomplete verifier introduced in Section 2.1.4.

With a verifier available, we aim to address the following main problem, which first requires partitioning the initial state space into regions S ₁, …, S _M. We know that a region S _i is successful if it passes verification, i.e., ver_{f, ϕ}(S _i,π _θ) = 1. We would like to protect such regions, preserving the correct behaviors. While protecting these regions, we would like to maximally repair failed regions. However, the incomplete property of the verifier means that a repaired region may still be classified as unsafe by the verifier. Consequently, we estimate a region S _i is repaired if all initial states in a uniformly sampled finite subset Ⓢ _i ⊂ S _i can accomplish the task, i.e., STL robustness ≥ 0.

The size of regions is a design parameter. Since the verifier is conservative, the larger regions we have, the less likely we are able to capture the small subsets of initial states that are correct. However, larger regions would also lead to smaller numbers of regions, providing computational efficiency. Indeed, picking the sizes of regions exhibits an accuracy-efficiency trade-off. For simplicity, we assume the partition on regions is already given. Then the main problem is formalized as follows.

Main Problem (Verification-aided RwP). We would like to accomplish a given STL task ϕ under dynamics f: S × A ↦ S. The current control policy π: S ↦ A is unable to accomplish this task from all initial states in S _init ⊂ S. Therefore, we aim to find an alternative control policy π′ by repairing a subset of initial states while safeguarding another. Specifically, we are given a partition S _init = S ₁ ∪ ⋯ ∪ S _M of the initial state space. Moreover, for each region S _i, K initial states are uniformly sampled, forming a finite subset Ⓢ _i.

Assuming an STL robustness function rob_{f, ϕ} as in Definition 1, the regions to be repaired are

(8) $${\cal{S}}_{\pi }^{{\rm f}}\,\,\colon =\left\{S_{i}\,\,\colon \exists s_{0}\in \hat{S}_{i},{\rm rob}_{f,\varphi }\left(s_{0},\pi \right)\lt 0\right\},$$

The regions to be protected are the ones passing a sound but incomplete verifier ver_{f, ϕ} as in Definition 4, i.e.,

(9) $${\cal{S}}_{\pi }^{{\rm s}}\,\,\colon =\{S_{i}\,\,\colon {\rm ver}_{f,\varphi }(S_{i},\pi )=1\}.$$

To find an alternative control policy π′, we solve the following optimization problemFootnote ¹ .

(10) $$\matrix{ {{\rm{maximiz}}{{\rm{e}}_{{\pi ^\prime }}}\;\sum\limits_{{S_i} \in {\cal S}_\pi ^{\rm{f}}} {\mkern 1mu} \mathbb{1}\left( {\forall {s_0} \in {{\hat S}_i},{\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi ^\prime }} \right) \ge 0} \right)} \hfill \cr {{\rm{subject}}\;{\rm{to}}\;{S_i} \in {\cal S}_\pi ^{\rm{s}}\;\Longrightarrow\;{\rm{ve}}{{\rm{r}}_{f,\varphi }}({S_i},{\pi ^\prime }) = 1.} \hfill \cr } $$

That is, our goal is to design a repair algorithm that maximizes the number of repaired initial state regions and safeguards the already successful ones. The verifier provides a formal proof of constraint satisfaction for a solution control policy. In other words, preserving the verified (guaranteed) correctness in the initial state regions is the top priority, i.e., constraint, while repairing additional incorrect regions is the second priority.

One remark is that this main problem seeks a single new control policy π′. There exists an alternative problem setting, which aims to obtain one policy per region S _i and switch between these policies at runtime. However, researchers in learned control policies have already discussed the disadvantages of retaining distinct per-task policies instead of using a shared policy across tasks. That is, the latter would provide higher efficiency in computation and resources (Hessel et al., Reference Hessel, Soyer, Espeholt, Czarnecki, Schmitt and Van Hasselt2019; Parisotto et al., Reference Parisotto, Ba and Salakhutdinov2016); Rusu et al., Reference Rusu, Colmenarejo, Gulcehre, Desjardins, Kirkpatrick, Pascanu, Mnih, Kavukcuoglu and Hadsell2016). In contrast, researchers in multi-task and continual learning have already shown satisfactory performance in using one shared model for multiple sub-tasks (Ruvolo and Eaton Reference Ruvolo and Eaton2013). Therefore, our research targets the solution of a shared control policy representation. It would be interesting for future work to explore the alternatives.

Offline fine-tuning by formal specifications

When demonstrations of correct behaviors are not available, repairing NN-based policies may be guided by formal specifications. Existing literature constrains the repair problem with additional assumptions. One such assumption is the finite number of counterexamples, which can be searched and repaired iteratively (Bauer-Marquart et al., Reference Bauer-Marquart, Boetius, Leue and Schilling2022). If counterexamples are finite and the NN is piecewise linear, such as ReLU-activated networks, existing methods can provide various guarantees. These guarantees include locality in repair, i.e., altering the behavior of a specific input would only affect the behaviors of a small surrounding neighborhood (Fu and Li Reference Fu and Li2021; Majd et al., Reference Majd, Zhou, Amor, Fainekos and Sankaranarayanan2021), as well as provable minimality in modification (Goldberger et al., Reference Goldberger, Katz, Adi and Keshet2020). For infinite counterexamples, a typical assumption is that a forward pass of the NN can be approximated as affine mappings with bounded errors, so that reachability analysis would apply (Yang et al., Reference Yang, Yamaguchi, Tran, Hoxha, Johnson and Prokhorov2022). These methods fit well when the underlying NN follows these assumptions, with applications such as robotic prosthesis (Majd et al., Reference Majd, Clark, Khandait, Zhou, Sankaranarayanan, Fainekos and Ben Amor2023).

For general NN architectures and infinite counterexamples, researchers have leveraged reinforcement learning (RL) (Arulkumaran et al., Reference Arulkumaran, Deisenroth, Brundage and Anthony Bharath2017; Kaelbling et al., Reference Kaelbling, Littman and Moore1996; Wiering Van Otterlo Reference Wiering and Van Otterlo2012) to fine-tune the policy. The assumption is that the environment, or a simulator of the environment, is available for the controlled agent to explore and collect data by itself.

By definition of RL, the underlying dynamics are modeled as a Markov decision process (MDP), and the goal is to find a policy that maximizes the total reward of a given reward function on this MDP. However, the major concern is how to incorporate the specification in this setting. In real-world applications such as CPS, specifications are commonly formalized as temporal logic formulas, which are non-Markovian. That is, how good or how bad an action is not only depends on the current state but also on the history. Therefore, if a reward is designed to measure the degree of satisfying a temporal logic specification (such as STL robustness), a memory cache has to be used to remember the previous states. This dependency on history complicates learning.

When the specification is a LTL (Pnueli Reference Pnueli1977), this issue of being non-Markovian shall be resolved by product MDP (Bozkurt et al., Reference Bozkurt, Wang, Zavlanos and Pajic2020; Ding et al., Reference Ding, Smith, Belta and Rus2014; Fritz Reference Fritz2003; Mukund Reference Mukund1997; Sadigh et al., Reference Sadigh, Kim, Coogan, Sastry and Seshia2014; Sickert et al., Reference Sickert, Esparza, Jaax and Křetínský2016; Vardi Reference Vardi2005). That is, the underlying MDP model is augmented with an additional finite automaton, which is equivalent to the LTL. Then, all learning is done on this augmented MDP, without an additional memory cache needed. However, when the specification is STL, the equivalent automaton, namely τ-MDP, is proven to be intractable (Aksaray et al., Reference Aksaray, Jones, Kong, Schwager and Belta2016). So far, no tractable equivalent automaton can be found (Sickert Reference Sickert2015), and scientists therefore find alternative solutions. One example is to identify an approximate automaton instead of an equivalent one. Here, researchers augment the MDP with an automaton known as F-MDP (Venkataraman et al., Reference Venkataraman, Aksaray and Seiler2020), and STL robustness is used as the reward function. Here, the state space is augmented and no additional memory cache is required. Still, designing the automaton for F-MDP is a non-trivial problem. Alternatively, a more straightforward solution, known as STLGym (Hamilton et al., Reference Hamilton, Robinette and Johnson2022), is to keep an additional memory cache and compute the non-Markovian STL robustness as a reward. The memory is constantly monitored and updated during training time.

Offline fine-tuning by imitation learning

When demonstrations of correct behaviors are available, offline fine-tuning of the NN-based policy can be done by supervised learning, also known as imitation learning (Hussein et al., Reference Hussein, Gaber, Elyan and Jayne2017).

Researchers have formulated this problem as a mixed integer quadratic program (MIQP) (Majd et al., Reference Majd, Zhou, Amor, Fainekos and Sankaranarayanan2021). In this paper, the demonstrator is a synthesized safe model predictive control (MPC), and the solution is to fine-tune a given layer of parameters in an NN, such that the outputs of the NN will fall within a specific safety range. The MIQP adjusts the given layer’s weights to minimize the same MSE loss, while subject to the safety constraint on outputs. This approach has been applied to the repair of NN-controlled prosthesis (Majd et al., Reference Majd, Clark, Khandait, Zhou, Sankaranarayanan, Fainekos and Ben Amor2023), where the output control signal must be restrained within a range to avoid drastic motions of the prosthetic limbs.

An alternative approach is to conduct supervised learning on the entire NN instead of one selected layer. Known as minimally deviating repair (Zhou et al., Reference Zhou, Gao, Kim, Kang and Li2020), this method trains an NN-based policy to imitate a safe MPC by fine-tuning all its layers. The objective is to minimize the deviation in NN parameters while repairing the errors, in the hope that the previous correctness shall be preserved. Still, small deviations in NN parameters do not necessarily imply that previously correct behaviors will not be broken. In addition to data to imitate, context knowledge can be provided by formal specifications, leading to the hybrid information setting for repair (Zhou et al., Reference Zhou, Ahmed, Aylor, Asare and Alemzadeh2023).

Online intervention by shielding

Different from the above two categories, another method is to add an additional operation at the end of the NN-based policy at runtime. This additional operation is known as shielding, which identifies faulty NN outputs and intervenes (Bastani Reference Bastani2021; Li and Bastani Reference Li and Bastani2020; Wabersich et al., Reference Wabersich, Hewing, Carron and Zeilinger2021). The identification is commonly rollout based, i.e., the shield assumes a known dynamics, and conducts reachability analysis to see if the specification could possibly be violated. A typical state-of-the-art rollout-based shield is tube MPC (Wabersich and Zeilinger Reference Wabersich and Zeilinger2018). At every time step t, a safety check is done by computing whether a fallback policy, synthesized by MPC, can maintain safety within the horizon from t + 1, if the current control action is executed. If not, the algorithm intervenes by switching to the fallback policy, whose safety is ideally guaranteed at the previous time step t − 1. Still, the risk of this method comes from long horizons and complex dynamics, which lead to errors in reachability analysis and MPC optimization. Under such a risk, the shield may intervene to correct the behavior, causing failures in preservation.

Energy function design

We use a simulated annealing-based approach to optimize the parameters θ for an NN-based control policy π _θ, due to its ability to escape local optima.

To apply simulated annealing, our first step is to design the energy function. To repair a failed region of initial states S _i ∈ 𝒮_π ^f (as defined in the main problem), we aim to improve the STL robustness of its generated trajectories. This results in the following energy function

(11) $$e\left(\theta \right)\,\,\colon ={1 \over V(S_{i})}\int _{{S_{i}}}\,{\rm rob}_{f,\varphi }\left(s_{0},\pi _{\theta }\right)ds_{0}.$$

Here, V(⋅) denotes a volumetric measure on a continuous set, $V(S)=\int _{S}\,ds_{0}$ , i.e., the volume, if the set S is Euclidean (S ⊂ ℝ ⁿ ). That is, we want to maximize the average STL robustness of trajectories from all initial states s ₀ ∈ S _i.

However, this energy function does not protect any currently successful initial states. Formally, we want to repair a region S _i ∈ 𝒮_π ^f while safeguarding $S^{{\rm s}}\colon =\bigcup _{S\in {\cal{S}}_{\pi }^{{\rm s}}}\,S$ , as stated in the main problem. To do this, we employ a log-barrier function, as it is a smooth approximation of the constraint ∀s ₀ ∈ S ^s, rob_{f, ϕ}(s ₀,π _θ) ≥ 0 and is easy to compute (Hertog et al., Reference Hertog, Roos and Terlaky1992; Hauser and Saccon Reference Hauser and Saccon2006; Polyak Reference Polyak1992). We have

(12) $$\matrix{ {e\left( \theta \right): = {1 \over {V({S_i})}}\int_{{S_i}} {\mkern 1mu} {\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)d{s_0}} \hfill \cr \;\;\;\;\;\;\;\;\;\;\;{ + {\lambda \over {V({S^{\rm{s}}})}}\int_{{S^{\rm{s}}}} {\mkern 1mu} \log \left( {{\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)} \right)d{s_0}} \hfill \cr } $$

The hyperparameter λ > 0 is a balance factor. Larger values of λ favor protecting the successful states, while smaller values favor fixing the unsuccessful states. The energy function in Equation (12) aims to improve the robustness of all initial states in S _i, while safeguarding the robustness of all initial states in S ^s with a log barrier. Note that if the STL robustness is negative, then the logarithm will be undefined. To avoid this, we set up a lower bound, e.g., −1000, that the log-robustness will take if the STL robustness is negative or if log robustness is lower than the bound.

One computational issue is that Equation (12) has no convenient closed-form solution, making it hard to evaluate directly. In response, we use Monte Carlo integration (Robert et al., Reference Robert, Casella, Robert and Casella1999) to approximate the two integrals. So, we uniformly sample states from each region S _i to form finite sets Ⓢ _i (as in Equation (10)). The union of all sampled states from successful regions is denoted as Ⓢ ^s. The cardinality of Ⓢ _i and Ⓢ ^s are K and LK (K samples per region as in the main problem, and L = |𝒮_π ^s| is the number of regions to protect). So the energy function now becomes

(13) $$\matrix{ {\hat e\left( \theta \right): = {1 \over K}\sum\limits_{{s_0} \in {{\hat S}_i}} {\mkern 1mu} {\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)} \hfill \cr \;\;\;\;\;\;\;\;\;\;\;{ + {\lambda \over {LK}}\sum\limits_{{s_0} \in {{\hat S}^{\rm{s}}}} {\mkern 1mu} \log \left( {{\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)} \right).} \hfill \cr } $$

The following proposition shows that ê(θ) and e(θ) can be arbitrarily close.

Proposition 1 (Error in Monte Carlo Integrated Energy Function). The energy functions ê(θ) in Equation (13) and e(θ) in Equation (12) satisfy

(14) $$\matrix{ {{\mathbb E}\left[ {\hat e\left( \theta \right)} \right] = e\left( \theta \right){\rm{and}}} \hfill \cr {{\rm{Var}}\left[ {\hat e\left( \theta \right)} \right] = {{\left( {{1 \over K}} \right)}^2}{\rm{Va}}{{\rm{r}}_{{{\hat S}_i}}}\left[ {{\rm{ro}}{{\rm{b}}_{f,\varphi }}} \right] + {{\left( {{\lambda \over {LK}}} \right)}^2}{\rm{Va}}{{\rm{r}}_{{{\hat S}^{\rm{s}}}}}\left[ {\log ^\circ {\rm{ro}}{{\rm{b}}_{f,\varphi }}} \right].} \hfill \cr } $$

Here, Var_X̂[g] denotes the variance of a function g on a finite set of inputs X̂.

Proof. Monte Carlo integration has the following property (Robert et al., Reference Robert, Casella, Robert and Casella1999): an integral $I=\int _{X}\,g(x)dx$ is approximated by $\hat{I}=(V/K)\sum _{x\in \hat{X}}\,g(x)$ . Here, X̂ consists of K uniformly and independently sampled points in X and volume $V=\int _{X}\,dx$ . Existing work (Robert et al., Reference Robert, Casella, Robert and Casella1999) has shown this approximation satisfies (i) 𝔼[Ⓘ] = I and (ii) Var[Ⓘ] = V ²Var_X̂[g]/K ².

The above is an established result of Monte Carlo integration. In our case, the energy function is a linear combination of two Monte Carlo integrals. Also, recall that a region S _i has K uniformly sampled initial states, and the union of to-be-preserved regions $S^{{\rm s}}=\bigcup _{{S_{i}}\in {\cal{S}^{{\rm s}}}}\,S_{i}$ has LK uniformly sampled initial states. We have

(15) $$\small{\matrix{ {{\mathbb E}\left[ {\hat e\left( \theta \right)} \right] = {1 \over K}{\mathbb E}\left[ {\sum\limits_{{s_0} \in {{\hat S}_i}} {\mkern 1mu} {\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)} \right] + {\lambda \over {LK}}{\mathbb E}\left[ {\sum\limits_{{s_0} \in {{\hat S}^{\rm{s}}}} {\mkern 1mu} \log \left( {{\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)} \right)} \right]} \hfill \cr { = {1 \over {V({S_i})}}\mathop {\underbrace {{\mathbb E}\left[ {{{V({S_i})} \over K}\sum\limits_{{s_0} \in {{\hat S}_i}} {\mkern 1mu} {\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)} \right]}_{}}\limits_{{\mathbb E}\left[ {\hat I} \right]} + {\lambda \over {V({S^{\rm{s}}})}}\mathop {\underbrace {{\mathbb E}\left[ {{{V({S^{\rm{s}}})} \over {LK}}\sum\limits_{{s_0} \in {S^{\rm{s}}}} {\mkern 1mu} \log \left( {{\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)} \right)} \right]}_{}}\limits_{{\mathbb E}\left[ {\hat I} \right]} } \hfill \cr { = {1 \over {V({S_i})}}\int_{{S_i}} {\mkern 1mu} {\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)d{s_0} + {\lambda \over {V({S^{\rm{s}}})}}\int_{{S^{\rm{s}}}} {\mkern 1mu} \log \left( {{\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)} \right)d{s_0}} \hfill \cr { = e(\theta )\ {\rm{by\ Equation}}\ (12).} \hfill }} $$

Likewise, because the initial states are independently sampled,

(16) $$\scriptstyle {\eqalign{ & & & & {\rm{Var}}\left[ {\hat e\left( \theta \right)} \right] = {1 \over {{K^2}}}{\rm{Var}}\left[ {\sum\limits_{{s_0} \in {{\hat S}_i}} {\mkern 1mu} {\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)} \right] + {{{\lambda ^2}} \over {{{(LK)}^2}}}{\rm{Var}}\left[ {\sum\limits_{{s_0} \in {{\hat S}^{\rm{s}}}} {\mkern 1mu} \log \left( {{\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)} \right)} \right] \cr & & & & = {1 \over {V{{({S_i})}^2}}}\mathop {\underbrace {{\rm{Var}}\left[ {{{V({S_i})} \over K}\sum\limits_{{s_0} \in {{\hat S}_i}} {\mkern 1mu} {\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)} \right]}_{}}\limits_{{\rm{Var}}\left[ {\hat I} \right]} + {{{\lambda ^2}} \over {V{{({S^{\rm{s}}})}^2}}}\mathop {\underbrace {{\rm{Var}}\left[ {{{V({S^{\rm{s}}})} \over {LK}}\sum\limits_{{s_0} \in {{\hat S}_2}} {\mkern 1mu} \log \left( {{\rm{ro}}{{\rm{b}}_{f,\varphi }}\left( {{s_0},{\pi _\theta }} \right)} \right)} \right]}_{}}\limits_{{\rm{Var}}\left[ {\hat I} \right]} \cr & & & & = {1 \over {V{{({S_i})}^2}}}{{V{{({S_i})}^2}{\rm{Va}}{{\rm{r}}_{{{\hat S}_i}}}\left[ {{\rm{ro}}{{\rm{b}}_{f,\varphi }}} \right]} \over {{K^2}}} + {{{\lambda ^2}} \over {V{{({S^{\rm{s}}})}^2}}}{{V{{({S^{\rm{s}}})}^2}{\rm{Va}}{{\rm{r}}_{{{\hat S}^{\rm{s}}}}}\left[ {{\rm{log}} \circ {\rm{ro}}{{\rm{b}}_{f,\varphi }}} \right]} \over {{{(LK)}^2}}} \cr & & & & = {1 \over {{K^2}}}{\rm{Va}}{{\rm{r}}_{{{\hat S}_i}}}\left[ {{\rm{ro}}{{\rm{b}}_{f,\varphi }}} \right] + {{{\lambda ^2}} \over {{{(LK)}^2}}}{\rm{Va}}{{\rm{r}}_{{{\hat S}^{\rm{s}}}}}\left[ {{\rm{log}} \circ {\rm{ro}}{{\rm{b}}_{f,\varphi }}} \right]. \cr}} $$

Proposition 1 states that the Monte Carlo integrated energy function ê(θ) has an expected value of the energy function ê. Moreover, as we sample more initial states (larger K), the variance of ê(θ) decreases. Therefore, by increasing K, the approximation can be arbitrarily close to the original energy function. Specifically, we are able to compute confidence intervals based on the size of sampled state sets (Preacher and Selig Reference Preacher and Selig2012).

Safeguarded simulated annealing

The energy function in Equation (13) is a non-standard function with a potentially large number of local optima. Therefore, we utilize simulated annealing to maximize it, which has the advantage of escaping local optima as mentioned in Section 2.1.5. However, due to its stochastic nature, simulated annealing may compromise the protected initial states, lowering their trajectories’ STL robustness. We tolerate such compromise unless the robustness drops below 0, which means the task is failed. Therefore, we propose the following safeguarded version of simulated annealing in Algorithm 1, which has an additional check on the STL robustness of the protected initial states.

Algorithm 1 Safeguarded Simulated Annealing

Input: Finite set of states to be repaired Ⓢ _i, finite set of states to be protected Ⓢ ^s, control policy parameters θ, energy balance factor λ > 0, perturbation standard deviation σ > 0, initial temperature τ > 0, cooling factor α ∈ (0,1), max iteration Q

Output: Intermediate repaired control policy parameters θ′

1: θ′ ← θ 1:

2: ê, ρ _{Ⓢ ^s} ← evaluate Energy(Ⓢ _i, Ⓢ ^s, θ′, λ) 2:

3: for iter = 1, …, Q do

4:   θ″ ← θ′ + 𝒩(0, σ ²)

5:   ê′, ρ _{Ⓢ ^s} ← evaluateEnergy(Ⓢ _i,Ⓢ ^s,θ″,λ) 5:

6:   Δ _ê ← ê′ − ê 6:

7:   Draw x ∼ Bernoulli(exp(−Δê/τ))

8:   if Δ _ê ≥ 0 or x = 1 then

9:    if ρ _{Ⓢ ^s} ≥ 0 then

10:     θ′ ← θ″, ê ← ê′

11:    end if

12:  end if

13:  τ ← τ × α

14: end for

Algorithm 1 presents a safeguarded version of simulated annealing. Specifically, on a given S _i to be repaired, it aims to improve robustness on the finite sampled initial set Ⓢ _i while protecting the robustness of Ⓢ ^s. The key subroutine is evaluateEnergy at lines 2 and 5, which takes as input Ⓢ _i, Ⓢ ^s, current control policy parameters θ and balance factor λ and outputs energy ê as in Equation (13) and the minimum robustness ρ _{Ⓢ ^s} of protected initial states, i.e.,

(17) $$\rho _{{\hat{S}^{{\rm s}}}}\left(\theta \right)\,\,\colon =\min _{s_{0}\in \hat{S}^{{\rm s}}}{\rm rob}_{f,\varphi }\left(s_{0},\pi _{\theta }\right).$$

From lines 3 to 15, we have the main loop of simulated annealing. The parameters are perturbed with Gaussian noise at line 4, and energy is evaluated again at line 5. Line 8 provides the standard criterion check of simulated annealing as explained in Section 2.1.5, i.e., Metropolis-Hastings criterion. However, this criterion check is insufficient to safeguard all initial states in Ⓢ ^s, since a new parameter θ′ may break them. Hence, we add an additional safeguard on the minimum robustness at line 9, to ensure that all s ₀ ∈ Ⓢ ^s still produce trajectories that accomplish the task. Finally, the temperature cools down at line to gradually discourage exploration.

The ISAR algorithm

With the safeguarded simulated annealing defined in Algorithm 1, we use it as a subroutine in our main ISAR algorithm, detailed in Algorithm 2.

Algorithm 2 Incremental Simulated Annealing Repair (ISAR)

Input: Partitioned continuous initial state set S _init = S ₁ ∪ … ∪ S _M, control policy parameters θ, sample size K, energy balance factor λ > 0, perturbation std σ > 0, initial temperature τ > 0, cooling factor α ∈ (0,1), max iteration Q

Output: Repaired control policy parameters θ and final verification outputs v ₁′, …, v _M′

1: for each S _i do

2:   v _i ← ver_{f, ϕ}(S _i,π _θ)

3 end for

4: for each S _i do

5:   Uniformly sample K states in S _i to form finite set Ⓢ _i

6:   for each s ₀ ^j ∈ Ⓢ _i do

7:    ρ _i ^j ← rob_{f, ϕ}(s ₀ ^j ,π _θ)

8:   end for

9: end for

10: 𝒮^s ← {S _i : v _i = 1} ▷ regions to be protected

11: $\hat{S}^{{\rm s}}\leftarrow \bigcup _{{S_{i}}\in {\cal{S}^{{\rm s}}}}\,\hat{S}_{i}$

12: 𝒮^f ← {S _i : ∃j, ρ _i ^j < 0} ▷ regions to be repaired

13: Sort 𝒮^f in decreasing order of $\sum _{j}\,{\rho }_{i}^{j}$ of each S _i

14: while 𝒮^f is not empty do

15:   S _i← first region in 𝒮^f in sorted order

16:   Ⓢ ^f ← {s ₀ ^j ∈ Ⓢ _i : ρ _i ^j < 0}

17:   θ′ ← safeguardedSimulatedAnneling(Ⓢ ^f, Ⓢ ^s, θ, λ, σ, τ, α, Q) ▷ Alg. 1

18:   if θ′ ≠ θ then ▷ new control policy identified

19:    for each S _k ∈ 𝒮^f do ▷ re-evaluate robustness

20:    for each ${s}_{0}^{j}\in S_{k} {\bf do}$

21:      ρ _k ^j ← rob_{f, ϕ}(s ₀ ^j ,π _θ′)

22:    end for

23:   end for

24:   Sort 𝒮^f in decreasing order of $\sum _{j}\,{\rho }_{k}^{j}$ of each S _k

25:   𝒮′ ← {S _k ∈ 𝒮^f: min_j ρ _k ^j ≥ 0} ▷ newly repaired regions

26:   𝒮^f ← 𝒮^f \ 𝒮′, 𝒮^s ← 𝒮^s ∪ 𝒮′

27:    $\hat{S}^{{\rm s}}\leftarrow \bigcup _{{S_{k}}\in {\cal{S}^{{\rm s}}}}\,\hat{S}_{k}$ , θ ← θ′

28:  end if

29: end while

30: for each $S_{i}\,{\bf do}$

31:   v′_i ← ver_{f, ϕ}(S _i,π _θ)

32: end for

Algorithm 2 can be divided into three parts: preparation (lines 1–13), main repair loop (lines 14–29) and final verification (lines 30–32). In the preparation phase, each initial state region S _i is verified under the current control policy π _θ by calling the sound but incomplete verifier ver_{f, ϕ}. This step can be parallelized by individual regions. At lines 4-9, we uniformly sample K initial states from each region S _i to form a finite set, to estimate the energy function via Monte Carlo integrals. The robustness of each sampled initial state is evaluated at line 7. This sampling and robustness computation can also be parallelized.

The regions and states to be protected are defined in lines 11 and 12, respectively, while the regions to be repaired are defined in line 12. As a final preparation step, we sort the to-be-repaired regions by decreasing order of average sampled robustness, since we expect regions with high robustness to be easier to repair.

In the main repair loop from lines 14 to 29, we first select the next failed region to repair (line 14) and identify which of its sampled states in Ⓢ _i fail to accomplish the task. These states then get repaired by the safeguarded simulated annealing (Algorithm 1 called at line 17). After simulated annealing, we check whether a new policy is obtained.

If we have a new policy, the robustness of the sampled states in the remaining to-be-repaired regions is evaluated again (lines 19–23), and the regions are sorted based on the evaluation (line 24). Repairing a region S _i may also repair other regions, so we identify all the repaired regions as 𝒮′ (line 25). These regions are taken away from the to-be-repaired regions and added to the to-be-protected ones (line 26), so that we safeguard both the previously verified regions and the newly repaired ones.

Finally, after the repair is done, we rerun the verifier at lines 30–32 to obtain the final verification results. The verifier is not called during the repair procedure because it is generally expensive compared to computing robustness on individual sampled states.

We identify two potential challenges in the execution of Algorithm 2. First, there may exist a protected region that does not pass verification at the end. We could increase the number of protected sampled states (larger K) in that region or adjust the balance factor λ. However, we did not encounter this issue during case studies. Second, the main repair loop can take a long time. In practice, this loop can be terminated early when the repairing speed is slow, i.e., very few to no additional regions are repaired and removed at line 26. This observation implies that θ has converged.

Scalability analysis

Here, we analyze the scalability of ISAR with respect to the complexities of the policy NN and dynamics equations. In Algorithm 2, the subroutine with dominant computational overhead is evaluating the STL robustness function rob_{f, ϕ}. Therefore, we start by analyzing the complexity of this evaluation.

Evaluating the STL robustness of specification ϕ requires computing a trajectory in the simulator. Let T denote the total time steps required for simulation, each time step consisting of two parts: (1) a forward pass on the policy NN π _θ to obtain action on the current state, i.e., a _t = π _θ(s _t), and (2) a state update via the dynamics, i.e., s _{t + 1} = f(s _t,a _t).

For the forward pass, we consider a NN-based policy π: S ↦ A implemented by a fully connected multi-layer perceptron (MLP), which is

(18) $$\eqalign{\pi (s_{t})\colon & & =\alpha _{P}(w_{P}\cdot \alpha _{P-1}(w_{P-1}\cdot \alpha _{P-2}(\ldots \alpha _{1}(w_{1}\cdot s_{t}\,+b_{1})\ldots )\cr & & \,\,\,\,\,+b_{P-1})+b_{P})}$$

where P is the total number of layers, and α _i, w _i, b _i are the activation function, weight and bias of the i-th layer, respectively. If we denote the state space dimension as N ₀ = N _s and action space dimension as N _P = N _a, and the number of neurons at each hidden layer i as N _i, we are able to analyze complexity in number of scalar multiplications. At a hidden layer i, the N _i × N _{i − 1}-dimensional weight matrix multiplies with the N _{i − 1}-dimensional embedding, resulting in O(N _{i − 1} N _i) scalar multiplications. Hence, the forward pass complexity is

(19) $$O\left(N_{0}N_{1}\right)+O\left(N_{1}N_{2}\right)+\ldots +O\left(N_{P-1}N_{P}\right)=O\left({\sum }_{i=1}^{P}\,N_{i-1}N_{i}\right).$$

Assuming the maximum number of neurons per hidden layer is N, we have

(20) $$O\left( {\sum _{i = 1}^P{\mkern 1mu} {N_{i - 1}}{N_i}} \right) = O\left( {{N_0}N + N{N_P} + \left( {P - 1} \right){N^2}} \right) = O\left( {P{N^2}} \right)$$

The other half of the computation in one simulation step is the state update with dynamics f: S × A ↦ S. Here, we consider a polynomial dynamics f of degree D, as various nonlinear dynamics can be approximated by polynomials (Ivanov et al., Reference Ivanov, Carpenter, Weimer, Alur, Pappas and Lee2021). Recall that every state s _t is a vector of N _s elements, and every action a _t is a vector of N _a elements. We use s _i,t and a _{i, t} to denote the i-th dimension of state s _t and action a _t, respectively. That is, s _t = (s _{1, t},…, s _{N s, t}) and a _t = (a _{1, t},…, a _{N a, t}). The general form of a D-th degree polynomial dynamics can be expressed as N _s scalar functions, f ₁, …, f _{N s} , each computes one state dimension, as follows.

(21) $$f_{i}\left(s_{t},a_{t}\right)=\sum \,c_{\beta ,\gamma }{s}_{1,t}^{\beta _{1}}\ldots {s}_{N_{s},t}^{\beta _{{N_{s}}}}{a}_{1,t}^{\gamma _{1}}\ldots {a}_{N_{a},t}^{\gamma _{{N_{a}}}},{\rm \ for\ }i=1,\ldots N_{s}.$$

Equation (21) is a summation of scalar monomials. In this equation, the superscripts are integer exponents, denoted as β _i and γ _i, satisfying ${\sum }_{i=1}^{N_{s}}\,\beta _{i}+{\sum }_{i=1}^{N_{a}}\,\gamma _{i}\leq D$ , and c _{β, γ} is some real-valued coefficient of a monomial.

To analyze the complexity of evaluating a D-th degree polynomial dynamics, we first find the number of monomials, which is

(22) $$\left( {\matrix{ {{N_s} + {N_a} + D} \hfill \cr \;\;\;\;\;\;\;D \hfill \cr } } \right) = {{({N_s} + {N_a} + D)!} \over {D!({N_s} + {N_a})!}}.$$

With binomial approximation, we have

(23) $$\left( {\matrix{ {{N_s} + {N_a} + D} \hfill \cr \;\;\;\;\;\;\;D \hfill \cr } } \right) \approx {\left( {{N_s} + {N_a}} \right)^D}.$$

Recall that all these monomials compute f _i, which computes one scalar state variable in s _{t + 1}. Therefore, the total time complexity, in number of scalar multiplications, of computing a state update in a general degree-d polynomial dynamics is

(24) $${N_s}\left( {\matrix{ {{N_s} + {N_a} + D} \hfill \cr \;\;\;\;\;\;\;D \hfill \cr } } \right) = O\left( {{N_s}{{\left( {{N_s} + {N_a}} \right)}^D}} \right).$$

Now we have the complexity of evaluating a forward pass in Equation (20) and dynamics in Equation (24). These computations have to run for each of the T steps. Therefore, running a simulation to generate a trajectory takes O(T(PN ²+N _s(N _s+N _a) ^D )). When evaluating STL robustness for some specification ϕ, we compute max, min and other O(1) arithmetic operations along the simulation. Therefore, evaluating STL robustness also has a time complexity of O(T(PN ²+N _s(N _s+N _a) ^D )).

The analysis above results in the following proposition.

Proposition 2 (Complexity of ISAR). Let the state space and action space dimensions be N _s and N _a, the dynamics be a D-th degree polynomial, the policy NN have N neurons at max per layer on the P layers, and evaluating the STL robustness requires running the simulation for T steps. We split the initial state space into M regions, sample K initial states per region, and run simulated annealing for Q iterations in Algorithm 1. Then, the computational complexity of ISAR is

(25) $$O(QKM^{2}T(PN^{2}+N_{s}(N_{s}+N_{a})^{D})).$$

Proof. In Algorithm 2, the dominant computation is simulated annealing at line 17. There are at most M regions to be repaired, so the total number of simulated annealing runs is O(M).

Within each simulated annealing, the dominant computation is evaluating the energy function at line 5 in Algorithm 1. This energy function consists of two parts, referring to Equation (13): evaluating STL robustness from 1 to-be-repaired region, and from at most M to-be-preserved regions. In each region, this evaluation is done on K sampled states. Therefore, O(KM) STL robustness evaluation needs to be done to compute the energy function, which is computed for Q times. Therefore, the total number of evaluating STL robustness in simulated annealing is O(QKM).

As ISAR runs O(M) simulated annealing in total, the overall number of evaluations of STL robustness is O(QKM ²). From the complexity analysis above, we know each robustness evaluation costs O(T(PN ²+N _s(N _s+N _a) ^D )). Consequently, the total complexity is O(QKM ² T(PN ²+N _s(N _s+N _a) ^D )).

Based on Proposition 2, we can analyze the scalability of ISAR with respect to various scale factors. First, the time complexity scales linearly with the iterations in simulated annealing Q, the number of samples per region K, the total time steps to evaluate STL robustness T and the number of policy network layers P. Enlarging these factors would impose a linear impact on the total time. Next, we have the total number of regions M and the maximum number of neurons per layer N, which influence the total runtime quadratically. Therefore, the users of ISAR should be cautious when using fine region partitions (large M) or wide embeddings per NN layer (large N). Finally, notice that the complexity scales up with the degree of dynamics D exponentially, and this exponent directly affects the dimensions of state space and action space. Consequently, the best practice would be approximating the dynamics to lower degrees, such as keeping the first 1 to 2 terms of Taylor polynomials.