Finding safety violations of AI-enabled control systems through the lens of synthesized proxy programs

Author

Jieke SHI, Singapore Management UniversityFollow
Zhou YANG, Singapore Management UniversityFollow
Junda HE, Singapore Management UniversityFollow
Bowen XU
Dongsun KIM
DongGyun HAN
David LO, Singapore Management UniversityFollow

Publication Type

Journal Article

Version

publishedVersion

Publication Date

9-2025

Abstract

Given the increasing adoption of modern AI-enabled control systems, ensuring their safety and reliability has become a critical task in software testing. One prevalent approach to testing control systems is falsification, which aims to find an input signal that causes the control system to violate a formal safety specification using optimization algorithms. However, applying falsification to AI-enabled control systems poses two significant challenges: (1) it requires the system to execute numerous candidate test inputs, which can be time-consuming, particularly for systems with AI models that have many parameters, and (2) multiple safety requirements are typically defined as a conjunctive specification, which is difficult for existing falsification approaches to comprehensively cover.This article introduces Synthify, a falsification framework tailored for AI-enabled control systems, i.e., control systems equipped with AI controllers. Our approach performs falsification in a two-phase process. At the start, Synthify synthesizes a program that implements one or a few linear controllers to serve as a proxy for the AI controller. This proxy program mimics the AI controller’s functionality but is computationally more efficient. Then, Synthify employs the -greedy strategy to sample a promising sub-specification from the conjunctive safety specification. It then uses a Simulated Annealing-based falsification algorithm to find violations of the sampled sub-specification for the control system. To evaluate Synthify, we compare it to PSY-TaLiRo, a state-of-the-art and industrial-strength falsification tool, on eight publicly available control systems. On average, Synthify achieves a 83.5% higher success rate in falsification compared to PSY-TaLiRo with the same budget of falsification trials. Additionally, our method is 12.8 faster in finding a single safety violation than the baseline. The safety violations found by Synthify are also more diverse than those found by PSY-TaLiRo, covering 137.7% more sub-specifications.

Keywords

Falsification, Search-based Testing, AI-enabled Control Systems, Program Synthesis

Discipline

Software Engineering

Research Areas

Software and Cyber-Physical Systems

Areas of Excellence

Digital transformation

Publication

ACM Transactions on Software Engineering and Methodology

Volume

34

Issue

7

First Page

1

Last Page

35

ISSN

1049-331X

Identifier

10.1145/3715105

Publisher

Association for Computing Machinery (ACM)

Citation

SHI, Jieke; YANG, Zhou; HE, Junda; XU, Bowen; KIM, Dongsun; HAN, DongGyun; and LO, David. Finding safety violations of AI-enabled control systems through the lens of synthesized proxy programs. (2025). ACM Transactions on Software Engineering and Methodology. 34, (7), 1-35.
Available at: https://ink.library.smu.edu.sg/sis_research/10946

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1145/3715105