3,691 research outputs found
SOTER: A Runtime Assurance Framework for Programming Safe Robotics Systems
The recent drive towards achieving greater autonomy and intelligence in
robotics has led to high levels of complexity. Autonomous robots increasingly
depend on third party off-the-shelf components and complex machine-learning
techniques. This trend makes it challenging to provide strong design-time
certification of correct operation.
To address these challenges, we present SOTER, a robotics programming
framework with two key components: (1) a programming language for implementing
and testing high-level reactive robotics software and (2) an integrated runtime
assurance (RTA) system that helps enable the use of uncertified components,
while still providing safety guarantees. SOTER provides language primitives to
declaratively construct a RTA module consisting of an advanced,
high-performance controller (uncertified), a safe, lower-performance controller
(certified), and the desired safety specification. The framework provides a
formal guarantee that a well-formed RTA module always satisfies the safety
specification, without completely sacrificing performance by using higher
performance uncertified components whenever safe. SOTER allows the complex
robotics software stack to be constructed as a composition of RTA modules,
where each uncertified component is protected using a RTA module.
To demonstrate the efficacy of our framework, we consider a real-world
case-study of building a safe drone surveillance system. Our experiments both
in simulation and on actual drones show that the SOTER-enabled RTA ensures the
safety of the system, including when untrusted third-party components have bugs
or deviate from the desired behavior
Recommended from our members
Modular and Safe Event-Driven Programming
Asynchronous event-driven systems are ubiquitous across domains such as device drivers, distributed systems, and robotics. These systems are notoriously hard to get right as the programmer needs to reason about numerous control paths resulting from the complex interleaving of events (or messages) and failures. Unsurprisingly, it is easy to introduce subtle errors while attempting to fill in gaps between high-level system specifications and their concrete implementations.This dissertation proposes new methods for programming safe event-driven asynchronous systems.In the first part of the thesis, we present ModP, a modular programming framework for compositional programming and testing of event-driven asynchronous systems.The ModP module system supports a novel theory of compositional refinement for assume-guarantee reasoning of dynamic event-driven asynchronous systems. We build a complex distributed systems software stack using ModP.Our results demonstrate that compositional reasoning can help scale model-checking (both explicit and symbolic) to large distributed systems.ModP is transforming the way asynchronous software is built at Microsoft and Amazon Web Services (AWS). Microsoft uses ModP for implementing safe device drivers and other software in the Windows kernel.AWS uses ModP for compositional model checking of complex distributed systems. While ModP simplifies analysis of such systems, the state space of industrial-scale systems remains extremely large.In the second part of this thesis, we present scalable verification and systematic testing approaches to further mitigate this state-space explosion problem.First, we introduce the concept of a delaying explorer to perform prioritized exploration of the behaviors of an asynchronous reactive program. A delaying explorer stratifies the search space using a custom strategy (tailored towards finding bugs faster), and a delay operation that allows deviation from that strategy. We show that prioritized search with a delaying explorer performs significantly better than existing approaches for finding bugs in asynchronous programs.Next, we consider the challenge of verifying time-synchronized systems; these are almost-synchronous systems as they are neither completely asynchronous nor synchronous.We introduce approximate synchrony, a sound and tunable abstraction for verification of almost-synchronous systems. We show how approximate synchrony can be used for verification of both time-synchronization protocols and applications running on top of them.Moreover, we show how approximate synchrony also provides a useful strategy to guide state-space exploration during model-checking.Using approximate synchrony and implementing it as a delaying explorer, we were able to verify the correctness of the IEEE 1588 distributed time-synchronization protocol and, in the process, uncovered a bug in the protocol that was well appreciated by the standards committee.In the final part of this thesis, we consider the challenge of programming a special class of event-driven asynchronous systems -- safe autonomous robotics systems.Our approach towards achieving assured autonomy for robotics systems consists of two parts: (1) a high-level programming language for implementing and validating the reactive robotics software stack; and (2) an integrated runtime assurance system to ensure that the assumptions used during design-time validation of the high-level software hold at runtime.Combining high-level programming language and model-checking with runtime assurance helps us bridge the gap between design-time software validation that makes assumptions about the untrusted components (e.g., low-level controllers), and the physical world, and the actual execution of the software on a real robotic platform in the physical world. We implemented our approach as DRONA, a programming framework for building safe robotics systems.We used DRONA for building a distributed mobile robotics system and deployed it on real drone platforms. Our results demonstrate that DRONA (with the runtime-assurance capabilities) enables programmers to build an autonomous robotics software stack with formal safety guarantees.To summarize, this thesis contributes new theory and tools to the areas of programming languages, verification, systematic testing, and runtime assurance for programming safe asynchronous event-driven across the domains of fault-tolerant distributed systems and safe autonomous robotics systems
Beyond Reynolds: A Constraint-Driven Approach to Cluster Flocking
In this paper, we present an original set of flocking rules using an
ecologically-inspired paradigm for control of multi-robot systems. We translate
these rules into a constraint-driven optimal control problem where the agents
minimize energy consumption subject to safety and task constraints. We prove
several properties about the feasible space of the optimal control problem and
show that velocity consensus is an optimal solution. We also motivate the
inclusion of slack variables in constraint-driven problems when the global
state is only partially observable by each agent. Finally, we analyze the case
where the communication topology is fixed and connected, and prove that our
proposed flocking rules achieve velocity consensus.Comment: 6 page
Synthesis of Switching Protocols from Temporal Logic Specifications
We propose formal means for synthesizing switching protocols that determine the sequence in which the modes of a switched system are activated to satisfy certain high-level specifications in linear temporal logic. The synthesized protocols are robust against exogenous disturbances on the continuous dynamics. Two types of finite transition systems, namely under- and over-approximations, that abstract the behavior of the underlying continuous dynamics are defined. In particular, we show that the discrete synthesis problem for an under-approximation can be formulated as a model checking problem, whereas that for an over-approximation can be transformed into a two-player game. Both of these formulations are amenable to efficient, off-the-shelf software tools. By construction, existence of a discrete switching strategy for the discrete synthesis problem guarantees the existence of a continuous switching protocol for the continuous synthesis problem, which can be implemented at the continuous level to ensure the correctness of the nonlinear switched system. Moreover, the proposed framework can be straightforwardly extended to accommodate specifications that require reacting to possibly adversarial external events. Finally, these results are illustrated using three examples from different application domains
Coordination of Multirobot Systems Under Temporal Constraints
Multirobot systems have great potential to change our lives by increasing efficiency or decreasing costs in many applications, ranging from warehouse logistics to construction. They can also replace humans in dangerous scenarios, for example in a nuclear disaster cleanup mission. However, teleoperating robots in these scenarios would severely limit their capabilities due to communication and reaction delays. Furthermore, ensuring that the overall behavior of the system is safe and correct for a large number of robots is challenging without a principled solution approach. Ideally, multirobot systems should be able to plan and execute autonomously. Moreover, these systems should be robust to certain external factors, such as failing robots and synchronization errors and be able to scale to large numbers, as the effectiveness of particular tasks might depend directly on these criteria. This thesis introduces methods to achieve safe and correct autonomous behavior for multirobot systems.
Firstly, we introduce a novel logic family, called counting logics, to describe the high-level behavior of multirobot systems. Counting logics capture constraints that arise naturally in many applications where the identity of the robot is not important for the task to be completed. We further introduce a notion of robust satisfaction to analyze the effects of synchronization errors on the overall behavior and provide complexity analysis for a fragment of this logic.
Secondly, we propose an optimization-based algorithm to generate a collection of robot paths to satisfy the specifications given in counting logics. We assume that the robots are perfectly synchronized and use a mixed-integer linear programming formulation to take advantage of the recent advances in this field. We show that this approach is complete under the perfect synchronization assumption. Furthermore, we propose alternative encodings that render more efficient solutions under certain conditions. We also provide numerical results that showcase the scalability of our approach, showing that it scales to hundreds of robots.
Thirdly, we relax the perfect synchronization assumption and show how to generate paths that are robust to bounded synchronization errors, without requiring run-time communication. However, the complexity of such an approach is shown to depend on the error bound, which might be limiting. To overcome this issue, we propose a hierarchical method whose complexity does not depend on this bound. We show that, under mild conditions, solutions generated by the hierarchical method can be executed safely, even if such a bound is not known.
Finally, we propose a distributed algorithm to execute multirobot paths while avoiding collisions and deadlocks that might occur due to synchronization errors. We recast this problem as a conflict resolution problem and characterize conditions under which existing solutions to the well-known drinking philosophers problem can be used to design control policies that prevents collisions and deadlocks. We further provide improvements to this naive approach to increase the amount of concurrency in the system. We demonstrate the effectiveness of our approach by comparing it to the naive approach and to the state-of-the-art.PHDElectrical Engineering: SystemsUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/162921/1/ysahin_1.pd
A Method for Multi-Robot Asynchronous Trajectory Execution in MoveIt2
This work presents an extension to the MoveIt2 planning library supporting
asynchronous execution for multi-robot / multi-arm robotic setups. The proposed
method introduces a unified way for the execution of both synchronous and
asynchronous trajectories by implementing a simple scheduler and guarantees
collision-free operation by continuous collision checking while the robots are
moving.Comment: Accepted to the "IROS 2023 Workshop on Task and Motion Planning: from
Theory to Practice" -- https://dyalab.mines.edu/2023/iros-workshop
Past, Present, and Future of Simultaneous Localization And Mapping: Towards the Robust-Perception Age
Simultaneous Localization and Mapping (SLAM)consists in the concurrent
construction of a model of the environment (the map), and the estimation of the
state of the robot moving within it. The SLAM community has made astonishing
progress over the last 30 years, enabling large-scale real-world applications,
and witnessing a steady transition of this technology to industry. We survey
the current state of SLAM. We start by presenting what is now the de-facto
standard formulation for SLAM. We then review related work, covering a broad
set of topics including robustness and scalability in long-term mapping, metric
and semantic representations for mapping, theoretical performance guarantees,
active SLAM and exploration, and other new frontiers. This paper simultaneously
serves as a position paper and tutorial to those who are users of SLAM. By
looking at the published research with a critical eye, we delineate open
challenges and new research issues, that still deserve careful scientific
investigation. The paper also contains the authors' take on two questions that
often animate discussions during robotics conferences: Do robots need SLAM? and
Is SLAM solved
Certified Reinforcement Learning with Logic Guidance
This paper proposes the first model-free Reinforcement Learning (RL)
framework to synthesise policies for unknown, and continuous-state Markov
Decision Processes (MDPs), such that a given linear temporal property is
satisfied. We convert the given property into a Limit Deterministic Buchi
Automaton (LDBA), namely a finite-state machine expressing the property.
Exploiting the structure of the LDBA, we shape a synchronous reward function
on-the-fly, so that an RL algorithm can synthesise a policy resulting in traces
that probabilistically satisfy the linear temporal property. This probability
(certificate) is also calculated in parallel with policy learning when the
state space of the MDP is finite: as such, the RL algorithm produces a policy
that is certified with respect to the property. Under the assumption of finite
state space, theoretical guarantees are provided on the convergence of the RL
algorithm to an optimal policy, maximising the above probability. We also show
that our method produces ''best available'' control policies when the logical
property cannot be satisfied. In the general case of a continuous state space,
we propose a neural network architecture for RL and we empirically show that
the algorithm finds satisfying policies, if there exist such policies. The
performance of the proposed framework is evaluated via a set of numerical
examples and benchmarks, where we observe an improvement of one order of
magnitude in the number of iterations required for the policy synthesis,
compared to existing approaches whenever available.Comment: This article draws from arXiv:1801.08099, arXiv:1809.0782
- …