Specification Patterns for Robotic Missions
Mobile and general-purpose robots increasingly support our everyday life,
requiring dependable robotics control software. Creating such software mainly
amounts to implementing their complex behaviors, known as missions. Recognizing
this need, a large number of domain-specific specification languages have been
proposed. These, in addition to traditional logical languages, allow the use of
formally specified missions for synthesis, verification, simulation, or guiding
the implementation. For instance, the logical language LTL is commonly used by
experts to specify missions, as an input for planners, which synthesize the
behavior a robot should have. Unfortunately, domain-specific languages are
usually tied to specific robot models, while logical languages such as LTL are
difficult for non-experts to use. We present a catalog of 22 mission
specification patterns for mobile robots, together with tooling for
instantiating, composing, and compiling the patterns to create mission
specifications. The patterns provide solutions for recurrent specification
problems, each detailing its usage intent, known uses, relationships to other
patterns, and, most importantly, a template mission specification in
temporal logic. Our tooling produces specifications expressed in the LTL and
CTL temporal logics to be used by planners, simulators, or model checkers. The
patterns originate from 245 realistic textual mission requirements extracted
from the robotics literature, and they are evaluated upon a total of 441
real-world mission requirements and 1251 mission specifications. Five of these
reflect scenarios we defined with two well-known industrial partners developing
human-size robots. We validated our patterns' correctness with simulators and
two real robots.
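The following is an added example, not the paper's tooling: it shows the shape of the workflow the abstract describes, with a few pattern templates (simplified versions written here; the paper's catalogue defines its own), instantiation on location names, composition by conjunction, compilation to textual LTL, and a finite-trace LTL checker so an instantiated mission can be validated against a trace produced by a simulator. The traces are constructed for the example.

```python
"""Added example, not the paper's tooling: instantiate mission-specification pattern
templates into LTL formulas, compose them, and check the result on a finite trace
produced by a simulated robot (LTL over finite traces, the setting a simulator gives)."""
from typing import List, Set, Tuple

Trace = List[Set[str]]   # one set of true atomic propositions (locations) per time step
Formula = Tuple          # ('ap', name) | ('not', f) | ('and', f, g) | ('or', f, g)
                         # | ('X', f) | ('F', f) | ('G', f) | ('U', f, g)

def ap(name: str) -> Formula:
    return ('ap', name)

def conj(*fs: Formula) -> Formula:
    """Compose instantiated patterns: the mission is their conjunction."""
    f = fs[0]
    for g in fs[1:]:
        f = ('and', f, g)
    return f

# Pattern templates. These are simplified shapes assumed for this example; the paper's
# catalogue defines its own templates.
def visit(*locs: str) -> Formula:
    """Visit: every location is eventually reached, in any order."""
    return conj(*[('F', ap(l)) for l in locs])

def sequenced_visit(*locs: str) -> Formula:
    """Sequenced visit: the locations are reached in the given order, with other
    locations allowed in between: F(l1 & F(l2 & ... F ln))."""
    f = ('F', ap(locs[-1]))
    for l in reversed(locs[:-1]):
        f = ('F', ('and', ap(l), f))
    return f

def ordered_visit(*locs: str) -> Formula:
    """Ordered visit: sequenced visit, and no location is seen before its predecessor."""
    f = sequenced_visit(*locs)
    for earlier, later in zip(locs, locs[1:]):
        f = ('and', f, ('U', ('not', ap(later)), ap(earlier)))
    return f

def global_avoidance(loc: str) -> Formula:
    """Global avoidance: the location is never entered."""
    return ('G', ('not', ap(loc)))

def to_ltl(f: Formula) -> str:
    """Compile to textual LTL in the infix syntax accepted by tools such as Spot."""
    op = f[0]
    if op == 'ap':
        return f[1]
    if op == 'not':
        return '!' + to_ltl(f[1])
    if op in ('X', 'F', 'G'):
        return op + ' ' + to_ltl(f[1])
    sym = {'and': '&', 'or': '|', 'U': 'U'}[op]
    return '(' + to_ltl(f[1]) + ' ' + sym + ' ' + to_ltl(f[2]) + ')'

def holds(f: Formula, trace: Trace, i: int = 0) -> bool:
    """Finite-trace LTL semantics at position i; X is false at the last position."""
    n, op = len(trace), f[0]
    if op == 'ap':
        return i < n and f[1] in trace[i]
    if op == 'not':
        return not holds(f[1], trace, i)
    if op == 'and':
        return holds(f[1], trace, i) and holds(f[2], trace, i)
    if op == 'or':
        return holds(f[1], trace, i) or holds(f[2], trace, i)
    if op == 'X':
        return i + 1 < n and holds(f[1], trace, i + 1)
    if op == 'F':
        return any(holds(f[1], trace, j) for j in range(i, n))
    if op == 'G':
        return all(holds(f[1], trace, j) for j in range(i, n))
    if op == 'U':
        return any(holds(f[2], trace, j) and all(holds(f[1], trace, k) for k in range(i, j))
                   for j in range(i, n))
    raise ValueError(f"unknown operator {op!r}")

# A mission composed from two patterns: visit l1, l2, l3 in that order; never enter 'lab'.
MISSION = conj(ordered_visit('l1', 'l2', 'l3'), global_avoidance('lab'))

# Constructed traces standing in for simulator output (the locations seen at each step).
GOOD_TRACE: Trace = [{'dock'}, {'hall'}, {'l1'}, {'hall'}, {'l2'}, {'l3'}]
BAD_TRACE: Trace = [{'dock'}, {'l2'}, {'l1'}, {'l2'}, {'l3'}]   # l2 is seen before l1

if __name__ == '__main__':
    print(to_ltl(MISSION))
    print('good trace satisfies mission:', holds(MISSION, GOOD_TRACE))
    print('bad trace satisfies mission: ', holds(MISSION, BAD_TRACE))
    print('bad trace still satisfies plain visit:', holds(visit('l1', 'l2', 'l3'), BAD_TRACE))
```

The point the two traces make is the one the catalogue exists for: a requirement written as "visit l1, l2 and l3" is satisfied by BAD_TRACE, while the ordered-visit template adds the `(!l2 U l1)` conjuncts that reject it. Choosing the right template is where most of the specification work lies; the compiled formula is what a planner or model checker then consumes.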
SOTER: A Runtime Assurance Framework for Programming Safe Robotics Systems
The recent drive towards achieving greater autonomy and intelligence in
robotics has led to high levels of complexity. Autonomous robots increasingly
depend on third party off-the-shelf components and complex machine-learning
techniques. This trend makes it challenging to provide strong design-time
certification of correct operation.
To address these challenges, we present SOTER, a robotics programming
framework with two key components: (1) a programming language for implementing
and testing high-level reactive robotics software and (2) an integrated runtime
assurance (RTA) system that helps enable the use of uncertified components,
while still providing safety guarantees. SOTER provides language primitives to
declaratively construct an RTA module consisting of an advanced,
high-performance controller (uncertified), a safe, lower-performance controller
(certified), and the desired safety specification. The framework provides a
formal guarantee that a well-formed RTA module always satisfies the safety
specification, without sacrificing performance entirely: the higher-performance
uncertified component is used whenever it is safe to do so. SOTER allows the complex
robotics software stack to be constructed as a composition of RTA modules,
where each uncertified component is protected using an RTA module.
To demonstrate the efficacy of our framework, we consider a real-world
case-study of building a safe drone surveillance system. Our experiments both
in simulation and on actual drones show that the SOTER-enabled RTA ensures the
safety of the system, including when untrusted third-party components have bugs
or deviate from the desired behavior.
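An added example of the RTA construction described above, written for this page rather than taken from SOTER: an uncertified controller, a certified safe controller and a safety specification (a geofence on a one-dimensional plant with an assumed actuator limit) are composed into one module. The monitor applies the untrusted command only if the state it leads to is one from which the certified controller can still enforce the specification on its own; otherwise it switches. The plant model, limits and the deliberately buggy advanced controller are all assumptions of the example.

```python
"""Added example, not SOTER's own code: a Simplex-style runtime assurance (RTA) module
that wraps an uncertified controller with a certified safe controller and a safety
specification, switching between them so the specification is never violated."""
from typing import Callable, List, Tuple

State = Tuple[float, float]            # (position x, velocity v); 1-D dynamics, unit time step
Controller = Callable[[State], float]  # maps the current state to an acceleration command

A_MAX = 2.0                # assumed actuator limit on acceleration per step
FENCE = (0.0, 50.0)        # assumed geofence on x: the safety specification G(0 <= x <= 50)

def step(s: State, a: float) -> State:
    """Plant model shared by monitor and simulation: clamp the command, integrate one step."""
    x, v = s
    a = max(-A_MAX, min(A_MAX, a))
    v2 = v + a
    return (x + v2, v2)

def in_fence(s: State) -> bool:
    return FENCE[0] <= s[0] <= FENCE[1]

def safe_controller(s: State) -> float:
    """Certified, low-performance controller: brake to a stop as hard as the actuator allows."""
    v = s[1]
    if abs(v) <= A_MAX:
        return -v
    return -A_MAX if v > 0 else A_MAX

def recoverable(s: State) -> bool:
    """True if the safe controller, started from s, stays in the fence until it has stopped.
    This set is the module's invariant: the plant is only ever allowed into states from
    which the certified controller can still enforce the specification on its own."""
    while True:
        if not in_fence(s):
            return False
        if s[1] == 0.0:
            return True
        s = step(s, safe_controller(s))

def buggy_advanced_controller(s: State) -> float:
    """Uncertified, high-performance controller with a defect: it flies at full throttle
    toward a waypoint (x = 80) that lies outside the geofence."""
    return A_MAX if s[0] < 80.0 else -A_MAX

def rta_step(s: State, advanced: Controller) -> Tuple[State, str]:
    """One decision of the RTA module: apply the advanced controller's command only if the
    state it leads to is recoverable; otherwise apply the safe controller instead.
    Returns the new state and which controller was used."""
    candidate = step(s, advanced(s))
    if recoverable(candidate):
        return candidate, "advanced"
    return step(s, safe_controller(s)), "safe"

def run(steps: int, advanced: Controller = buggy_advanced_controller,
        s: State = (0.0, 0.0)) -> List[Tuple[State, str]]:
    """Simulate the composed system; every logged state satisfies the specification."""
    if not recoverable(s):
        raise ValueError("RTA module must start inside the recoverable set")
    log = []
    for _ in range(steps):
        s, who = rta_step(s, advanced)
        log.append((s, who))
    return log

if __name__ == "__main__":
    for (x, v), who in run(12):
        print(f"x={x:5.1f} v={v:5.1f}  {who}")
```

The safety argument is inductive and does not depend on the untrusted controller at all: the initial state is recoverable; the advanced command is only applied when the resulting state is recoverable; and from a recoverable state the safe controller's next state lies on the recovery trajectory, so it is recoverable too. Since every recoverable state is inside the fence, the specification holds at every step. In the run above the buggy controller is allowed to accelerate for five steps and is then overridden before the fence is reached, which is the "use the uncertified component whenever safe" behaviour the abstract describes. Note that the guarantee is only as good as the plant model used by `recoverable`; a monitor that mis-models actuator limits or latency can admit states the real vehicle cannot recover from.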
Supremica – An integrated environment for verification, synthesis and simulation of discrete event systems
An integrated environment, Supremica, for verification, synthesis and simulation of discrete event systems is presented. The basic model in Supremica is finite automata whose transitions carry an event together with a guard condition and an action function that updates automaton variables. Supremica uses two main approaches to handle large state spaces. The first exploits modularity in order to divide the original problem into many smaller problems that together solve the original one. The second uses an efficient data structure, the binary decision diagram, to symbolically represent the reachable states. Models in Supremica may be simulated in the environment. It is also possible to generate code that implements the behavior of the model according to both the IEC 61131 and the IEC 61499 standards.
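To make the synthesis task concrete, here is an added example that is not Supremica's code: a synchronous composition of finite automata (the building block behind the modular approach) followed by monolithic supervisor synthesis on the explicit state space, removing forbidden states, states that reach them through uncontrollable events, and blocking states until a fixpoint. The model, two machines feeding a one-slot buffer, and the event partition are constructed for the example; a BDD-based implementation would represent the same sets symbolically.

```python
"""Added example, not Supremica's own code: synchronous composition of finite automata
and monolithic supervisor synthesis for a discrete event system with forbidden states."""
from typing import Callable, Dict, Hashable, Set, Tuple

State = Hashable

class Automaton:
    """Deterministic finite automaton; trans maps (state, event) -> state."""
    def __init__(self, name: str, states, init, marked,
                 trans: Dict[Tuple[State, str], State], events):
        self.name, self.states, self.init, self.marked = name, set(states), init, set(marked)
        self.trans, self.events = dict(trans), set(events)

def compose(a: Automaton, b: Automaton) -> Automaton:
    """Synchronous product: an event shared by both alphabets fires only when both enable
    it; private events interleave. Only reachable product states are generated."""
    alphabet = a.events | b.events
    init = (a.init, b.init)
    states, trans, frontier = {init}, {}, [init]
    while frontier:
        s = frontier.pop()
        for e in sorted(alphabet):
            parts = []
            for m, local in ((a, s[0]), (b, s[1])):
                if e not in m.events:
                    parts.append(local)             # m does not take part in e
                elif (local, e) in m.trans:
                    parts.append(m.trans[(local, e)])
                else:
                    break                           # m blocks e in this state
            else:
                t = tuple(parts)
                trans[(s, e)] = t
                if t not in states:
                    states.add(t)
                    frontier.append(t)
    marked = {s for s in states if s[0] in a.marked and s[1] in b.marked}
    return Automaton(f"{a.name}||{b.name}", states, init, marked, trans, alphabet)

def synthesize(plant: Automaton, uncontrollable: Set[str],
               forbidden: Callable[[State], bool]) -> Set[State]:
    """Largest set of states a supervisor can keep the plant in: iteratively remove
    forbidden states, states that reach a removed state through an uncontrollable event
    (the supervisor cannot disable it), and states that can no longer reach a marked
    state through kept states (the closed loop would block), until nothing changes."""
    bad = {s for s in plant.states if forbidden(s)}
    while True:
        grown = set(bad)
        for (s, e), t in plant.trans.items():
            if e in uncontrollable and t in grown:
                grown.add(s)
        good = plant.states - grown
        coreach = good & plant.marked
        changed = True
        while changed:
            changed = False
            for (s, e), t in plant.trans.items():
                if s in good and t in coreach and s not in coreach:
                    coreach.add(s)
                    changed = True
        grown |= good - coreach
        if grown == bad:
            return plant.states - bad
        bad = grown

def enabled(plant: Automaton, good: Set[State], state: State) -> Set[str]:
    """Events the supervisor lets through in `state`: those whose target stays in `good`."""
    return {e for (s, e), t in plant.trans.items() if s == state and t in good}

def is_controllable(plant: Automaton, good: Set[State], uncontrollable: Set[str]) -> bool:
    """Sanity check on the result: no uncontrollable event leaves the kept set."""
    return all(t in good for (s, e), t in plant.trans.items()
               if s in good and e in uncontrollable)

# Constructed model: two machines and a one-slot buffer between them.
# start* are controllable; finish* are uncontrollable (a machine finishes when it finishes).
M1 = Automaton("M1", ["I", "W"], "I", ["I"],
               {("I", "start1"): "W", ("W", "finish1"): "I"}, ["start1", "finish1"])
M2 = Automaton("M2", ["I", "W"], "I", ["I"],
               {("I", "start2"): "W", ("W", "finish2"): "I"}, ["start2", "finish2"])
# Buffer: empty -> full on finish1, full -> empty on start2; a second finish1 while full
# overflows into state "O", which the specification forbids.
BUF = Automaton("B", ["E", "F", "O"], "E", ["E"],
                {("E", "finish1"): "F", ("F", "start2"): "E", ("F", "finish1"): "O"},
                ["finish1", "start2"])
UNCONTROLLABLE = {"finish1", "finish2"}

PLANT = compose(compose(M1, M2), BUF)
GOOD = synthesize(PLANT, UNCONTROLLABLE, forbidden=lambda s: s[1] == "O")

if __name__ == "__main__":
    print(f"{len(PLANT.states)} reachable states, {len(GOOD)} kept by the supervisor")
    for s in sorted(GOOD):
        print(s, "->", sorted(enabled(PLANT, GOOD, s)))
```

The result is the expected supervisor: with the buffer full, `start1` is disabled even though the overflow itself is one step further away, because the step in between (`finish1`) is uncontrollable and could not be stopped once M1 is running. That backward propagation through uncontrollable events is what distinguishes supervisor synthesis from simply forbidding the bad state, and it is the computation that a BDD representation keeps tractable when the product has far more than the twelve reachable states of this toy.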
Synthesizing a Lego Forklift Controller in GR(1): A Case Study
Reactive synthesis is an automated procedure to obtain a
correct-by-construction reactive system from a given specification. GR(1) is a
well-known fragment of linear temporal logic (LTL) where synthesis is possible
using a polynomial symbolic algorithm. We conducted a case study to learn about
the challenges that software engineers may face when using GR(1) synthesis for
the development of a reactive robotic system. In the case study we developed
two variants of a forklift controller, deployed on a Lego robot. The case study
covers the use of LTL specification patterns as an extension of the GR(1)
specification language, an examination of two specification variants for
execution scheduling, traceability from the synthesized controller to
constraints in the specification, and generated counter-strategies that help
explain why a specification is unrealizable. We present the specifications we
developed, our observations, and the challenges faced during the case study.
Comment: In Proceedings SYNT 2015, arXiv:1602.0078
Synthesis of Switching Protocols from Temporal Logic Specifications
We propose formal means for synthesizing switching protocols that determine the sequence in which the modes of a switched system are activated to satisfy certain high-level specifications in linear temporal logic. The synthesized protocols are robust against exogenous disturbances on the continuous dynamics. Two types of finite transition systems, namely under- and over-approximations, that abstract the behavior of the underlying continuous dynamics are defined. In particular, we show that the discrete synthesis problem for an under-approximation can be formulated as a model checking problem, whereas that for an over-approximation can be transformed into a two-player game. Both formulations are amenable to efficient, off-the-shelf software tools. By construction, the existence of a discrete switching strategy for the discrete synthesis problem guarantees the existence of a continuous switching protocol for the continuous synthesis problem, which can be implemented at the continuous level to ensure the correctness of the nonlinear switched system. Moreover, the proposed framework can be straightforwardly extended to accommodate specifications that require reacting to possibly adversarial external events. Finally, these results are illustrated using three examples from different application domains.