Verification of Decision Making Software in an Autonomous Vehicle: An Industrial Case Study

Correctness of autonomous driving systems is crucial as\ua0incorrect behaviour may have catastrophic consequences. Many different\ua0hardware and software components (e.g. sensing, decision making, actuation,\ua0and control) interact to solve the autonomous driving task, leading to a level of complexity that brings new challenges for the formal verification\ua0community. Though formal verification has been used to prove\ua0correctness of software, there are significant challenges in transferring\ua0such techniques to an agile software development process and to ensure\ua0widespread industrial adoption. In the light of these challenges, the identification\ua0of appropriate formalisms, and consequently the right verification\ua0tools, has significant impact on addressing them. In this paper, we\ua0evaluate the application of different formal techniques from supervisory\ua0control theory, model checking, and deductive verification to verify existing\ua0decision and control software (in development) for an autonomous\ua0vehicle. We discuss how the verification objective differs with respect tothe choice of formalism and the level of formality that can be applied.\ua0Insights from the case study show a need for multiple formal methods to\ua0prove correctness, the difficulty to capture the right level of abstraction\ua0to model and specify the formal properties for the verification objectives

Building safer robots: Safety driven control

In recent years there has been a concerted effort to address many of the safety issues associated with physical human-robot interaction (pHRI). However, a number of challenges remain. For personal robots, and those intended to operate in unstructured environments, the problem of safety is compounded. In this paper we argue that traditional system design techniques fail to capture the complexities associated with dynamic environments. We present an overview of our safety-driven control system and its implementation methodology. The methodology builds on traditional functional hazard analysis, with the addition of processes aimed at improving the safety of autonomous personal robots. This will be achieved with the use of a safety system developed during the hazard analysis stage. This safety system, called the safety protection system, will initially be used to verify that safety constraints, identified during hazard analysis, have been implemented appropriately. Subsequently it will serve as a high-level safety enforcer, by governing the actions of the robot and preventing the control layer from performing unsafe operations. To demonstrate the effectiveness of the design, a series of experiments have been conducted using a MobileRobots PeopleBot. Finally, results are presented demonstrating how faults injected into a controller can be consistently identified and handled by the safety protection system. © The Author(s) 2012

1. Motivations Safety Analysis of a Medical Robot for Tele-echography

Among many types of medical equipment, ultrasound diagnostic systems are widely used because of their convenience and safety. Performing an ultrasound examination involves good eye-hand coordination and the ability to integrate the acquired information over time and space. Some of these specialized skills may lack in some healthcare centers or for emergency situations. Tele-consultation is therefore an interesting alternative to conventional care. Development of a high performance remote diagnostic system, which enables an expert operator at the hospital to examine a patient at home, in an emergency vehicle or in a remote clinic, may have a very significant added value. Therefore a robotic tele-ultrasound system is proposed in order to realize the examination in small towns or cities without needing highly qualified medical staff. This system fo

Uml Based Fmeca In Risk Analysis

Today, as systems become more and more complex, safety is becoming critical. Reducing the risk to an acceptable level with a complete risk management activity is necessary. This paper more precisely focuses on risk analysis; its demonstrate how the use of a risk analysis technic such as the Failure Modes, Effects and Criticality Analysis (FMECA) can be coupled to a object oriented system modeling process in order to guide the designer to exhaustively consider all potential risk, to increase the system security . For the system model, we chose the UML notation, which is now a standard in system and software engineering

Downloaded from

Braided pneumatic artificial muscles, and in particular the better known type with a double helical braid usually called the McKibben muscle, seem to be at present the best means for motorizing robotarms with artificial muscles. Their ability to develop high maximum force associated with lightness and a compact cylindrical shape, as well as their analogical behavior with natural skeletal muscle were very well emphasized in the 1980s by the development of the Bridgestone “soft robot ” actuated by “rubbertuators”. Recent publications have presented ways for modeling McKibben artificial muscle as well as controlling its highly non-linear dynamic behavior. However, fewer studies have concentrated on analyzing the integration of artificial muscles with robot-arm architectures since the first Bridgestone prototypes were designed. In this paper we present the design of a 7R anthropomorphic robot-arm entirely actuated by antagonisti

Generic Error Model of Human-Robot Interaction

Wrong human-robot interactions are at the origin of severe damages. Safety requirements ask the analysis of these interactions. At first, erroneous interactions have to be identified. In this paper, we propose to use UML (Unified Modeling Language) to specify human robot interaction. Then, generic error models, associated with the message feature provided by UML, are presented. These error models allow interaction errors to be automatically deduced from the modeling of the human-robot interactions. The use of these generic error models is illustrated on a medical robot for teleechography