Specification Patterns for Robotic Missions

Mobile and general-purpose robots increasingly support our everyday life, requiring dependable robotics control software. Creating such software mainly amounts to implementing their complex behaviors known as missions. Recognizing the need, a large number of domain-specific specification languages has been proposed. These, in addition to traditional logical languages, allow the use of formally specified missions for synthesis, verification, simulation, or guiding the implementation. For instance, the logical language LTL is commonly used by experts to specify missions, as an input for planners, which synthesize the behavior a robot should have. Unfortunately, domain-specific languages are usually tied to specific robot models, while logical languages such as LTL are difficult to use by non-experts. We present a catalog of 22 mission specification patterns for mobile robots, together with tooling for instantiating, composing, and compiling the patterns to create mission specifications. The patterns provide solutions for recurrent specification problems, each of which detailing the usage intent, known uses, relationships to other patterns, and---most importantly---a template mission specification in temporal logic. Our tooling produces specifications expressed in the LTL and CTL temporal logics to be used by planners, simulators, or model checkers. The patterns originate from 245 realistic textual mission requirements extracted from the robotics literature, and they are evaluated upon a total of 441 real-world mission requirements and 1251 mission specifications. Five of these reflect scenarios we defined with two well-known industrial partners developing human-size robots. We validated our patterns' correctness with simulators and two real robots

Supporting the migration towards model-driven robotic systems

Robots are increasingly deployed to perform every-day tasks. It is crucial to implement reliable and reusable systems to reduce development effort. The complexity of robotic systems requires the collaboration of experts from different backgrounds. Therefore, clear and communicatable abstraction of components is essential for successful development process. There has been a demand in the community for increased adoption of software engineering approaches to support better robotic systems. Adopting model-driven approaches has been proved successful in supporting this movement. We aim to support the adaptation of model-driven approaches in robotic domain in three interest areas: behavior models, structural models and guaranteeing confidence in system behavior.The overall goal is to support the creation of reusable, verifiable and easy to communicate robotic missions and systems. To achieve that, we conducted a mix of knowledge-seeking and solution-seeking studies. We started with behavior models. We wanted to build knowledge about used behavior models in practice. We investigated the state-of-practice of an emerging behavior model, behavior trees, in comparison to two standardized UML models and a traditional roboticists choice. Moving to the second interest area, we wanted to support the creation of light-weight tools for building an understanding of system structure using feature models. We conducted a pilot evaluation of an already light-weight tool, called FeatureVista. The final interest area was guaranteeing confidence in system behavior. The usual engineering process of self-adaptive controllers in robotic involves different model-based approaches. We wanted to investigate an approach that reaffirm, at code-level, control properties while keeping the usual engineering process. We investigated an approach for mapping control properties to software ones using an appropriate input format for software model-based checking.Our investigations in the different interest areas have built knowledge and shed light on opportunities. We provided characteristics of behavior models, behavior trees and state machines, in popular robotic implementations and highlighted opportunities for improvements. We also provided usage trend for studied implementations in open-source projects. In addition, we provided corestructural characteristic and code-reuse patterns for studied behavior models in open-source projects. For feature models, our results showed promising results for using an interactive tool that provides an easy and initiative navigation between feature models and software components. Improvement aspects were also highlighted for developing similar tools. Finally, our work for the confidence of system behavior showed promising results in reaffirming the correctness of a control property at code-level using appropriate software notation, specification patterns. Also, our approach allowed keeping the current practices of using model-based approaches in self-adaptive robotic systems

Specification Patterns for Robotic Missions

Mobile and general-purpose robots increasingly support our everyday life, requiring dependable robotics control software. Creating such software mainly amounts to implementing their complex behaviors known as missions. Recognizing this need, a large number of domain-specific specification languages has been proposed. These, in addition to traditional logical languages, allow the use of formally specified missions for synthesis, verification, simulation or guiding implementation. For instance, the logical language LTL is commonly used by experts to specify missions as an input for planners, which synthesize the behavior a robot should have. Unfortunately, domain-specific languages are usually tied to specific robot models, while logical languages such as LTL are difficult to use by non-experts. We present a catalog of 22 mission specification patterns for mobile robots, together with tooling for instantiating, composing, and compiling the patterns to create mission specifications. The patterns provide solutions for recurrent specification problems, each of which detailing the usage intent, known uses, relationships to other patterns, and-most importantly-a template mission specification in temporal logic. Our tooling produces specifications expressed in the temporal logics LTL and CTL to be used by planners, simulators or model checkers. The patterns originate from 245 realistic textual mission requirements extracted from the robotics literature, and they are evaluated upon a total of 441 real-world mission requirements and 1251 mission specifications. Five of these reflect scenarios we defined with two well-known industrial partners developing human-size robots. We validated our patterns' correctness with simulators and two different types of real robots

Programming Robots for Activities of Everyday Life

Text-based programming remains a challenge to novice programmers in\ua0all programming domains including robotics. The use of robots is gainingconsiderable traction in several domains since robots are capable of assisting\ua0humans in repetitive and hazardous tasks. In the near future, robots willbe used in tasks of everyday life in homes, hotels, airports, museums, etc.\ua0However, robotic missions have been either predefined or programmed usinglow-level APIs, making mission specification task-specific and error-prone.\ua0To harness the full potential of robots, it must be possible to define missionsfor specific applications domains as needed. The specification of missions of\ua0robotic applications should be performed via easy-to-use, accessible ways, and\ua0at the same time, be accurate, and unambiguous. Simplicity and flexibility in\ua0programming such robots are important, since end-users come from diverse\ua0domains, not necessarily with suffcient programming knowledge.The main objective of this licentiate thesis is to empirically understand the\ua0state-of-the-art in languages and tools used for specifying robot missions byend-users. The findings will form the basis for interventions in developing\ua0future languages for end-user robot programming.During the empirical study, DSLs for robot mission specification were\ua0analyzed through published literature, their websites, user manuals, samplemissions and using the languages to specify missions for supported robots.After extracting data from 30 environments, 133 features were identified.\ua0A feature matrix mapping the features to the environments was developedwith a feature model for robotic mission specification DSLs.Our results show that most end-user facing environments exist in the\ua0education domain for teaching novice programmers and STEM subjects. Mostof the visual languages are developed using Blockly and Scratch libraries.\ua0The end-user domain abstraction needs more work since most of the visualenvironments abstract robotic and programming language concepts but not\ua0end-user concepts. In future works, it is important to focus on the development\ua0of reusable libraries for end-user concepts; and further, explore how end-user\ua0facing environments can be adapted for novice programmers to learn\ua0general programming skills and robot programming in low resource settings\ua0in developing countries, like Uganda

Designing Trustworthy Autonomous Systems

The design of autonomous systems is challenging and ensuring their trustworthiness can have different meanings, such as i) ensuring consistency and completeness of the requirements by a correct elicitation and formalization process; ii) ensuring that requirements are correctly mapped to system implementations so that any system behaviors never violate its requirements; iii) maximizing the reuse of available components and subsystems in order to cope with the design complexity; and iv) ensuring correct coordination of the system with its environment.Several techniques have been proposed over the years to cope with specific problems. However, a holistic design framework that, leveraging on existing tools and methodologies, practically helps the analysis and design of autonomous systems is still missing. This thesis explores the problem of building trustworthy autonomous systems from different angles. We have analyzed how current approaches of formal verification can provide assurances: 1) to the requirement corpora itself by formalizing requirements with assume/guarantee contracts to detect incompleteness and conflicts; 2) to the reward function used to then train the system so that the requirements do not get misinterpreted; 3) to the execution of the system by run-time monitoring and enforcing certain invariants; 4) to the coordination of the system with other external entities in a system of system scenario and 5) to system behaviors by automatically synthesize a policy which is correct

Using Formal Methods for Autonomous Systems: Five Recipes for Formal Verification

Formal Methods are mathematically-based techniques for software design and engineering, which enable the unambiguous description of and reasoning about a system's behaviour. Autonomous systems use software to make decisions without human control, are often embedded in a robotic system, are often safety-critical, and are increasingly being introduced into everyday settings. Autonomous systems need robust development and verification methods, but formal methods practitioners are often asked: Why use Formal Methods for Autonomous Systems? To answer this question, this position paper describes five recipes for formally verifying aspects of an autonomous system, collected from the literature. The recipes are examples of how Formal Methods can be an effective tool for the development and verification of autonomous systems. During design, they enable unambiguous description of requirements; in development, formal specifications can be verified against requirements; software components may be synthesised from verified specifications; and behaviour can be monitored at runtime and compared to its original specification. Modern Formal Methods often include highly automated tool support, which enables exhaustive checking of a system's state space. This paper argues that Formal Methods are a powerful tool for the repertoire of development techniques for safe autonomous systems, alongside other robust software engineering techniques.Comment: Accepted at Journal of Risk and Reliabilit

Symmetry Reduction Enables Model Checking of More Complex Emergent Behaviours of Swarm Navigation Algorithms

The emergent global behaviours of robotic swarms are important to achieve their navigation task goals. These emergent behaviours can be verified to assess their correctness, through techniques like model checking. Model checking exhaustively explores all possible behaviours, based on a discrete model of the system, such as a swarm in a grid. A common problem in model checking is the state-space explosion that arises when the states of the model are numerous. We propose a novel implementation of symmetry reduction, in the form of encoding navigation algorithms relatively with respect to a reference, based on the symmetrical properties of swarms in grids. We applied the relative encoding to a swarm navigation algorithm, Alpha, modelled for the NuSMV model checker. A comparison of the state-space and verification results with an absolute (or global) and a relative encoding of the Alpha algorithm highlights the advantages of our approach, allowing model checking larger grid sizes and number of robots, and consequently, verifying more complex emergent behaviours. For example, a property was verified for a grid with 3 robots and a maximum allowed size of 8x8 cells in a global encoding, whereas this size was increased to 16x16 using a relative encoding. Also, the time to verify a property for a swarm of 3 robots in a 6x6 grid was reduced from almost 10 hours to only 7 minutes. Our approach is transferable to other swarm navigation algorithms.Comment: Accepted for presentation in Towards Autonomous Robotic Systems (TAROS) 2015, Liverpool, U

Formal synthesis of control and communication schemes

Thesis (Ph.D.)--Boston UniversityIn traditional motion planning, the problem is simply specified as "go from A to B while avoiding obstacles", where A and B are two configurations or regions of interest in the robot workspace. However, a large number of robotic applications require more expressive specification languages, which allow for logical and temporal statements about the satisfaction of properties of interest. Examples include "visit A and B infinitely often, always avoid C, and do not visit D unless E vas visited before". Such task specifications cannot be trivially converted to a sequence of "go from A to B" primitives. This thesis establishes theoretical and computational frameworks for automatic synthesis of robot control and communication schemes that are correct-by-construction from task specifications given in expressive languages. We consider a purely discrete scenario, in which the dynamics of each robot is modeled as a finite discrete system. The first problem addressed in this thesis is the generation of provably-correct individual control and communication strategies for a team of robots from rich task specifications in the case when the workspace is static. The second problem relaxes this assumption and considers a scenario in which the environment changes according to some unknown patterns. It proposed a combined learning and formal synthesis approach to generate correct control policies. To tackle the first problem, we draw inspirations from the research fields of formal verification and synthesis, distributed formal synthesis, and concurrency theory. We consider a team of robots that can move among the regions of a partitioned environment and have known capabilities of servicing a set of requests that can occur in the regions of the partition. Some of these requests can be serviced by a robot individually, while some require the cooperation of groups of robots. We propose a top-down approach, in which global specifications given as Regular Expressions (RE) or Linear Temporal Logics (LTL) can be decomposed into local (individual) specifications, which can then be used to automatically synthesize robot control and communication strategies. To address the second problem, we bring together automata learning methods from the field of theoretical linguistics and techniques from temporal logic games and probabilistic model checking, to develop a provably-correct control strategy for robots moving in an environment with unknown dynamics. The robots are required to achieve a surveillance mission, in which a certain request needs to be serviced repeatedly, while the expected time in between consecutive services is minimized and additional temporal logic constraints are satisfied. We define a fragment of Linear Temporal Logic (LTL) to describe such a mission. We consider a single agent case at first and then extend the results to multi-agent systems. To this end, we apply approximate dynamic programming to our computational framework, which leads to significant reduction of computational time. To demonstrate the proposed theoretical and computational frameworks, we implement the derived algorithms in two experimental platforms, the Robotic Urban-Like Environment (RULE) and the Robotic InDoor-like Environment (RIDE). We assign tasks to the team using Regular Expressions or Linear Temporal Logics over requests occurring at regions in the environment. The robots are automatically deployed to complete the missions