Safety monitoring for autonomous systems: interactive elicitation of safety rules

Un moniteur de sécurité actif est un mécanisme indépendant qui est responsable de maintenir le système dans un état sûr, en cas de situation dangereuse. Il dispose d'observations (capteurs) et d'interventions (actionneurs). Des règles de sécurité sont synthétisées, à partir des résultats d'une analyse de risques, grâce à l'outil SMOF (Safety MOnitoring Framework), afin d'identifier quelles interventions appliquer quand une observation atteint une valeur dangereuse. Les règles de sécurité respectent une propriété de sécurité (le système reste das un état sûr) ainsi que des propriétés de permissivité, qui assurent que le système peut toujours effectuer ses tâches. Ce travail se concentre sur la résolution de cas où la synthèse échoue à retourner un ensemble de règles sûres et permissives. Pour assister l'utilisateur dans ces cas, trois nouvelles fonctionnalités sont introduites et développées. La première adresse le diagnostique des raisons pour lesquelles une règle échoue à respecter les exigences de permissivité. La deuxième suggère des interventions de sécurité candidates à injecter dans le processus de synthèse. La troisième permet l'adaptation des exigences de permissivités à un ensemble de tâches essentielles à préserver. L'utilisation des ces trois fonctionnalités est discutée et illustrée sur deux cas d'étude industriels, un robot industriel de KUKA et un robot de maintenance de Sterela.An active safety monitor is an independent mechanism that is responsible for keeping the system in a safe state, should a hazardous situation occur. Is has observations (sensors) and interventions (actuators). Safety rules are synthesized from the results of the hazard analysis, using the tool SMOF (Safety MOnitoring Framework), in order to identify which interventions to apply for dangerous observations values. The safety rules enforce a safety property (the system remains in a safe state) and some permissiveness properties, ensuring that the system can still perform its tasks. This work focuses on solving cases where the synthesis fails to return a set of safe and permissive rules. To assist the user in these cases, three new features are introduced and developed. The first one addresses the diagnosis of why the rules fail to fulfill a permissiveness requirement. The second one suggests candidate safety interventions to inject into the synthesis process. The third one allows the tuning of the permissiveness requirements based on a set of essential functionalities to maintain. The use of these features is discussed and illustrated on two industrial case studies, a manufacturing robot from KUKA and a maintenance robot from Sterela

Conference on Intelligent Robotics in Field, Factory, Service, and Space (CIRFFSS 1994), volume 1

The AIAA/NASA Conference on Intelligent Robotics in Field, Factory, Service, and Space (CIRFFSS '94) was originally proposed because of the strong belief that America's problems of global economic competitiveness and job creation and preservation can partly be solved by the use of intelligent robotics, which are also required for human space exploration missions. Individual sessions addressed nuclear industry, agile manufacturing, security/building monitoring, on-orbit applications, vision and sensing technologies, situated control and low-level control, robotic systems architecture, environmental restoration and waste management, robotic remanufacturing, and healthcare applications

Spatio-temporal map maintenance for extending autonomy in long-term mobile robotic tasks

Working in hazardous environments requires routine inspections in order to meet safety standards. Dangerous quantities of nuclear contamination can exist in infinitesimally small volumes. In order to confidently inspect a nuclear environment for radioactive sources, especially those which emit alpha radiation, technicians must carefully maintain detectors at a consistent velocity and distance from a source. Technicians must also take careful records of which areas have been surveyed or not are important so that no area is left unmonitored. This is a difficult, exhausting task when the coverage area is larger than an office space. An autonomous mobile robotic platform with Complete Coverage Path Planning (CCPP) can reduce dangerous exposure to humans and provide better information for Radiological Control Technicians (RCT). The developed robotic system - or RCTbot - is designed for long-term deployment with little human correction, intervention, or maintenance required. To do this, the RCTbot creates a map of the environment, continually updates it based on multiple sensor inputs, and searches its map for contamination. In nuclear environments, the areas of interest often remain spatially constant throughout the duration of an inspection and are considered temporally static. The RCTbot monitors temporally static environments but adapts to dynamic changes over time. It then uses its sensor data to update and maintain its map so no manual human intervention is necessary. The spatio-temporal map maintenance (STMM) is agnostic to the survey type, so the RCTbot system is viable for application domain other than nuclear.Mechanical Engineerin

Third International Symposium on Artificial Intelligence, Robotics, and Automation for Space 1994

The Third International Symposium on Artificial Intelligence, Robotics, and Automation for Space (i-SAIRAS 94), held October 18-20, 1994, in Pasadena, California, was jointly sponsored by NASA, ESA, and Japan's National Space Development Agency, and was hosted by the Jet Propulsion Laboratory (JPL) of the California Institute of Technology. i-SAIRAS 94 featured presentations covering a variety of technical and programmatic topics, ranging from underlying basic technology to specific applications of artificial intelligence and robotics to space missions. i-SAIRAS 94 featured a special workshop on planning and scheduling and provided scientists, engineers, and managers with the opportunity to exchange theoretical ideas, practical results, and program plans in such areas as space mission control, space vehicle processing, data analysis, autonomous spacecraft, space robots and rovers, satellite servicing, and intelligent instruments

Multi-Agent Systems

A multi-agent system (MAS) is a system composed of multiple interacting intelligent agents. Multi-agent systems can be used to solve problems which are difficult or impossible for an individual agent or monolithic system to solve. Agent systems are open and extensible systems that allow for the deployment of autonomous and proactive software components. Multi-agent systems have been brought up and used in several application domains

Automated Validation of State-Based Client-Centric Isolation with TLA ⁺

Clear consistency guarantees on data are paramount for the design and implementation of distributed systems. When implementing distributed applications, developers require approaches to verify the data consistency guarantees of an implementation choice. Crooks et al. define a state-based and client-centric model of database isolation. This paper formalizes this state-based model in, reproduces their examples and shows how to model check runtime traces and algorithms with this formalization. The formalized model in enables semi-automatic model checking for different implementation alternatives for transactional operations and allows checking of conformance to isolation levels. We reproduce examples of the original paper and confirm the isolation guarantees of the combination of the well-known 2-phase locking and 2-phase commit algorithms. Using model checking this formalization can also help finding bugs in incorrect specifications. This improves feasibility of automated checking of isolation guarantees in synthesized synchronization implementations and it provides an environment for experimenting with new designs.</p

Multi-Agent Systems

This Special Issue ""Multi-Agent Systems"" gathers original research articles reporting results on the steadily growing area of agent-oriented computing and multi-agent systems technologies. After more than 20 years of academic research on multi-agent systems (MASs), in fact, agent-oriented models and technologies have been promoted as the most suitable candidates for the design and development of distributed and intelligent applications in complex and dynamic environments. With respect to both their quality and range, the papers in this Special Issue already represent a meaningful sample of the most recent advancements in the field of agent-oriented models and technologies. In particular, the 17 contributions cover agent-based modeling and simulation, situated multi-agent systems, socio-technical multi-agent systems, and semantic technologies applied to multi-agent systems. In fact, it is surprising to witness how such a limited portion of MAS research already highlights the most relevant usage of agent-based models and technologies, as well as their most appreciated characteristics. We are thus confident that the readers of Applied Sciences will be able to appreciate the growing role that MASs will play in the design and development of the next generation of complex intelligent systems. This Special Issue has been converted into a yearly series, for which a new call for papers is already available at the Applied Sciences journal’s website: https://www.mdpi.com/journal/applsci/special_issues/Multi-Agent_Systems_2019

Qualitative Spatial and Temporal Reasoning based on And/Or Linear Programming An approach to partially grounded qualitative spatial reasoning

Acting intelligently in dynamic environments involves anticipating surrounding processes, for example to foresee a dangerous situation or acceptable social behavior. Knowledge about spatial configurations and how they develop over time enables intelligent robots to safely navigate by reasoning about possible actions. The seamless connection of high-level deliberative processes to perception and action selection remains a challenge though. Moreover, an integration should allow the robot to build awareness of these processes as in reality there will be misunderstandings a robot should be able to respond to. My aim is to verify that actions selected by the robot do not violate navigation or safety regulations and thereby endanger the robot or others. Navigation rules specified qualitatively allow an autonomous agent to consistently combine all rules applicable in a context. Within this thesis, I develop a formal, symbolic representation of right-of-way-rules based on a qualitative spatial representation. This cumulative dissertation consists of 5 peer-reviewed papers and 1 manuscript under review. The contribution of this thesis is an approach to represent navigation patterns based on qualitative spatio-temporal representation and the development of corresponding effective sound reasoning techniques. The approach is based on a spatial logic in the sense of Aiello, Pratt-Hartmann, and van Benthem. This logic has clear spatial and temporal semantics and I demonstrate how it allows various navigation rules and social conventions to be represented. I demonstrate the applicability of the developed method in three different areas, an autonomous robotic system in an industrial setting, an autonomous sailing boat, and a robot that should act politely by adhering to social conventions. In all three settings, the navigation behavior is specified by logic formulas. Temporal reasoning is performed via model checking. An important aspect is that a logic symbol, such as \emph{turn left}, comprises a family of movement behaviors rather than a single pre-specified movement command. This enables to incorporate the current spatial context, the possible changing kinematics of the robotic system, and so on without changing a single formula. Additionally, I show that the developed approach can be integrated into various robotic software architectures. Further, an answer to three long standing questions in the field of qualitative spatial reasoning is presented. Using generalized linear programming as a unifying basis for reasoning, one can jointly reason about relations from different qualitative calculi. Also, concrete entities (fixed points, regions fixed in shape and/or position, etc.) can be mixed with free variables. In addition, a realization of qualitative spatial description can be calculated, i.e., a specific instance/example. All three features are important for applications but cannot be handled by other techniques. I advocate the use of And/Or trees to facilitate efficient reasoning and I show the feasibility of my approach. Last but not least, I investigate a fourth question, how to integrate And/Or trees with linear temporal logic, to enable spatio-temporal reasoning

Foundations of Trusted Autonomy

Trusted Autonomy; Automation Technology; Autonomous Systems; Self-Governance; Trusted Autonomous Systems; Design of Algorithms and Methodologie