We study the problem of training and certifying adversarially robust quantized neural networks (QNNs). Quantization is a technique for making neural networks more efficient by running them using low-bit integer arithmetic and is therefore commonly adopted in industry. Recent work has shown that floating-point neural networks that have been verified to be robust can become vulnerable to adversarial attacks after quantization, and certification of the quantized representation is necessary to guarantee robustness. In this work, we present quantization-aware interval bound propagation (QA-IBP), a novel method for training robust QNNs. Inspired by advances in robust learning of non-quantized networks, our training algorithm computes the gradient of an abstract representation of the actual network. Unlike existing approaches, our method can handle the discrete semantics of QNNs. Based on QA-IBP, we also develop a complete verification procedure for verifying the adversarial robustness of QNNs, which is guaranteed to terminate and produce a correct answer. Compared to existing approaches, the key advantage of our verification procedure is that it runs entirely on GPU or other accelerator devices. We demonstrate experimentally that our approach significantly outperforms existing methods and establish the new state-of-the-art for training and certifying the robustness of QNNs.
We study the problem of learning controllers for discrete-time non-linear stochastic dynamical systems with formal reach-avoid guarantees. This work presents the first method for providing formal reach-avoid guarantees, which combine and generalize stability and safety guarantees, with a tolerable probability threshold $p\in[0,1]$ over the infinite time horizon. Our method leverages advances in machine learning literature and it represents formal certificates as neural networks. In particular, we learn a certificate in the form of a reach-avoid supermartingale (RASM), a novel notion that we introduce in this work. Our RASMs provide reachability and avoidance guarantees by imposing constraints on what can be viewed as a stochastic extension of level sets of Lyapunov functions for deterministic systems. Our approach solves several important problems -- it can be used to learn a control policy from scratch, to verify a reach-avoid specification for a fixed control policy, or to fine-tune a pre-trained policy if it does not satisfy the reach-avoid specification. We validate our approach on $3$ stochastic non-linear reinforcement learning tasks.
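We consider the problem of formally verifying almost-sure (a.s.) asymptotic stability in discrete-time nonlinear stochastic control systems. While verifying stability in deterministic control systems is extensively studied in the literature, verifying stability in stochastic control systems is an open problem. The few existing works on this topic either consider only specialized forms of stochasticity or make restrictive assumptions on the system, rendering them inapplicable to learning algorithms with neural network policies. In this work, we present an approach for general nonlinear stochastic control problems with two novel aspects: (a) instead of classical stochastic extensions of Lyapunov functions, we use ranking supermartingales (RSMs) to certify a.s. asymptotic stability, and (b) we present a method for learning neural network RSMs. We prove that our approach guarantees a.s. asymptotic stability of the system and provides the first method to obtain bounds on the stabilization time, which stochastic Lyapunov functions do not. Finally, we validate our approach experimentally on a set of nonlinear stochastic reinforcement learning environments with neural network policies.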
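Bayesian neural networks (BNNs) place distributions over the weights of a neural network to model uncertainty in the data and in the network's predictions. We consider the problem of verifying safety when running a Bayesian neural network policy in a feedback loop with infinite time horizon systems. Compared to the existing sampling-based approaches, which are inapplicable to the infinite time horizon setting, we train a separate deterministic neural network that serves as an infinite time horizon safety certificate. In particular, we show that the certificate network guarantees the safety of the system over a subset of the BNN weight posterior. Our method first computes a safe weight set and then alters the BNN's weight posterior to reject samples outside this set. Moreover, we show how to extend our approach to a safe-exploration reinforcement learning setting, in order to avoid unsafe trajectories during the training of the policy. We evaluate our approach on a series of reinforcement learning benchmarks, including non-Lyapunovian safety specifications.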
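In principle, applying variational autoencoders (VAEs) to sequential data offers a method for controlled sequence generation, manipulation, and structured representation learning. However, training sequence VAEs is challenging: autoregressive decoders can often explain the data without using the latent space, a failure known as posterior collapse. To mitigate this, state-of-the-art models weaken the powerful decoder by applying uniformly random dropout to the decoder input. We show theoretically that this removes pointwise mutual information provided by the decoder input, which is compensated for by utilizing the latent space. We then propose an adversarial training strategy to achieve information-based stochastic dropout. Compared to uniform dropout on standard text benchmark datasets, our targeted approach increases both sequence modeling performance and the information captured in the latent space.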