Fig 7 - uploaded by Ulrik Schultz
DeRoS-based robot: component architecture

Source publication
Article
Full-text available
Safety is a key challenge in robotics, in particular for mobile robots operating in an open and unpredictable environment. Safety certification is desired for commercial robots, but no existing approaches for addressing the safety challenge provide a clearly specified and isolated safety layer, defined in an easily understandable way for facilitati...

Context in source publication

Context 1
... architecture of the software components of a robot using the DeRoS-generated safety node is presented in Fig. 7. The Robot sensors component includes all the sensors of the robot and provides sensor data to the drivers. Following the example from Section 4.1, the figure depicts the drivers for the IMU and Odometry, but other driver-components could exist. Their role is to process the sensor data and to provide specific data messages (like ...
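The pipeline in Fig. 7 (sensors feeding IMU and odometry drivers, whose topic values a generated safety node watches and reacts to) can be made concrete with a small runtime monitor. The Python below is an added example written for this page; it is not DeRoS's DSL, nor code generated by it. The topic names, message fields, rule representation, thresholds and corrective actions are assumptions, and the message stream is constructed. It also includes the generation-time consistency check that the citing UAV work further down alludes to: a rule that names a topic or field the component interfaces do not publish is rejected before the monitor ever runs.

```python
"""Illustrative runtime safety monitor over ROS-style topic values.

Added example, not DeRoS's own DSL or generated code. Topic names, fields,
thresholds and actions are assumptions chosen to mirror Fig. 7
(sensors -> IMU/odometry drivers -> safety node).
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Component interfaces: which topics each driver publishes and their fields.
# Constructed for the example; a real system would read them from the ROS
# graph or a package manifest.
COMPONENT_INTERFACES: Dict[str, Tuple[str, ...]] = {
    "/imu/data": ("angular_velocity_z", "linear_acceleration_x"),
    "/odom": ("linear_velocity_x", "obstacle_distance"),
}


@dataclass(frozen=True)
class Rule:
    """One declarative safety rule: if predicate(topic.key) holds, do action."""
    name: str
    topic: str
    key: str
    predicate: Callable[[float], bool]
    action: str  # corrective action, e.g. "stop" or "slow" (assumed names)


# Hypothetical rule set in the spirit of a safety declaration (not DeRoS syntax).
RULES: List[Rule] = [
    Rule("tilt_too_fast", "/imu/data", "angular_velocity_z", lambda v: abs(v) > 1.5, "stop"),
    Rule("too_close", "/odom", "obstacle_distance", lambda d: d < 0.3, "stop"),
    Rule("too_fast", "/odom", "linear_velocity_x", lambda v: v > 0.8, "slow"),
]

# Severity ordering used when several rules fire at once.
ACTION_PRIORITY = {"none": 0, "slow": 1, "stop": 2}


def validate_rules(rules: List[Rule], interfaces: Dict[str, Tuple[str, ...]]) -> List[str]:
    """Generation-time check: every rule must reference a topic and field the
    drivers actually publish. Returns a list of problems (empty means OK)."""
    problems = []
    for r in rules:
        if r.topic not in interfaces:
            problems.append(f"{r.name}: unknown topic {r.topic}")
        elif r.key not in interfaces[r.topic]:
            problems.append(f"{r.name}: topic {r.topic} has no field {r.key}")
    return problems


class SafetyMonitor:
    """Keeps the latest message per topic and evaluates every rule against
    that state, so a violation persists until a fresh message clears it."""

    def __init__(self, rules: List[Rule], interfaces: Dict[str, Tuple[str, ...]]):
        problems = validate_rules(rules, interfaces)
        if problems:
            raise ValueError("rule/interface mismatch: " + "; ".join(problems))
        self.rules = rules
        self.latest: Dict[str, dict] = {}
        self.violations: List[Tuple[str, str]] = []

    def on_message(self, topic: str, msg: dict) -> str:
        """Callback for one message; returns the most severe corrective action
        among all currently violated rules, or 'none'."""
        self.latest[topic] = msg
        action = "none"
        for r in self.rules:
            m = self.latest.get(r.topic)
            if m is None or r.key not in m:
                continue
            if r.predicate(m[r.key]):
                self.violations.append((r.name, r.action))
                if ACTION_PRIORITY[r.action] > ACTION_PRIORITY[action]:
                    action = r.action
        return action


# Constructed sample stream (not real sensor data).
SAMPLE_STREAM = [
    ("/imu/data", {"angular_velocity_z": 0.1, "linear_acceleration_x": 0.0}),
    ("/odom", {"linear_velocity_x": 0.5, "obstacle_distance": 2.0}),
    ("/odom", {"linear_velocity_x": 0.9, "obstacle_distance": 1.0}),  # slow
    ("/odom", {"linear_velocity_x": 0.9, "obstacle_distance": 0.2}),  # stop
    ("/imu/data", {"angular_velocity_z": 0.0, "linear_acceleration_x": 0.0}),  # odom still stale: stop
]


def demo() -> List[str]:
    """Run the sample stream through a freshly built monitor."""
    monitor = SafetyMonitor(RULES, COMPONENT_INTERFACES)
    return [monitor.on_message(t, m) for t, m in SAMPLE_STREAM]


if __name__ == "__main__":
    print(demo())  # ['none', 'none', 'slow', 'stop', 'stop']
```

The last message shows the design choice worth noticing: a benign IMU reading does not lift the stop, because the monitor acts on the latest value of every topic, not only on the topic that just arrived. Whether a violation should instead expire after a timeout is a policy decision that belongs in the declaration, not in the generated node.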

Citations

... Using the theorem prover Coq, the generation process is amenable to formal verification. DeROS [43] permits describing robots' safety rules (and their related corrective actions) and automatically generating a ROS safety monitoring node by integrating these rules with a run-time monitor. Another framework for runtime verification of ROS-based systems is described in [44], which allows generating C++ code for a monitoring node from user-defined properties specified in terms of event sequences. ...
Article
Full-text available
Software development for robotics applications is still a major challenge that becomes even more complex when considering multi-robot systems (MRSs). Such distributed software has to perform multiple cooperating tasks in a well-coordinated manner to avoid unsatisfactory emerging behavior. This paper provides an approach for programming MRSs at a high abstraction level using the programming language X-Klaim. The computation and communication model of X-Klaim, based on multiple distributed tuple spaces, permits coordinating with the same abstractions and mechanisms both intra- and inter-robot interactions of an MRS. This allows developers to focus on MRS behavior, achieving readable, reusable, and maintainable code. The proposed approach can be used in practice by integrating X-Klaim and the popular robotics framework ROS. We demonstrate the feasibility and effectiveness of our approach by (i) showing how it scales when implementing two warehouse scenarios allowing us to reuse most of the code when passing from the simpler to the more enriched scenario and (ii) presenting the results of a few experiments showing that our code introduces a slightly greater but acceptable latency and consumes less memory than the traditional ROS implementation based on Python code.
... Moreover, they introduce a plugin mechanism and list some plugins (e.g., to do model checking) which can be used within HAROS. Declarative Robot Safety (DeRoS) is a DSL [Sorin et al., 2016] to describe monitors which implement safety rules based on ROS topics values. RTAMT4ROS [Ničković and Yamaguchi, 2020] is about integrating Signal Temporal Logic within ROS. ...
Article
Full-text available
Validation and Verification (V&V) of autonomous robotic system software is becoming a critical issue. Among the V&V techniques at our disposal, formal approaches are among the most rigorous and trustworthy ones. Yet, the level of skills and knowledge required to use and deploy formal methods is usually quite high and rare. In this paper, we describe an approach that starts from a regular, but rigorous, framework to specify and deploy robotic software components, which can also automatically synthesize a formal model of these components. We describe how we can execute the resulting formal model, in place of a traditional implementation, and show how this provides the opportunity to add powerful monitoring and runtime verification capabilities to a system, e.g., to prevent collisions, or trigger an emergency landing. Since the runtime used to execute formal models is specifically designed to be faithful to their semantics, every execution (in the implementation) can be mapped to a trace in the specification. As a result, we can also prove many interesting properties offline, using model-checking techniques. We give several examples, such as properties about schedulability, worst-case traversal time, or mutual exclusion. We believe that having a consistent workflow, from an initial specification of our system, down to a formal, executable specification is a major advance in robotics and opens the way for verification of functional components of autonomous robots and beyond. We illustrate this claim by describing a complete example based on a genuine drone flight controller.
... This is where the ROS [2] and frameworks that work together with it, such as Gazebo [4], ArduPilot [5], and MAVROS, fit in. Several approaches have investigated verification of ROS [6]- [8], [9], but no approach has looked into going from a formal environment to ROS. By translating the formally verified logic from UPPAAL to ROS, we can visually inspect this logic by deploying it within simulated drone swarms in a controlled physics simulation environment such as Gazebo. ...
Article
Formal verification provides assurance to the modeling and design of robotic applications in executing autonomous operations. With the advancement of technologies, robotic applications have evolved to integrate multiple distributed robots. As a result, the integration of formal verification-based methods to assure the correctness of the interactions between multiple distributed robots has become ever more important. However, going from formally verified models designed in formal environments/software such as UPPAAL to robotic simulation software such as robot operating system (ROS) and Gazebo is time-consuming and prone to human errors. Nonetheless, such a translation from formal to simulation environment is essential for robotic applications that are going to be deployed in the real world, for obvious economical and safety reasons. In this article, we provide our insights into the development of a framework that integrates design and formal verification at a higher level of abstraction and then performing a translation to ROS, focusing on a scenario for distributed drones representing urban air mobility. Through this article, we seek to accelerate the development cycle in transitioning from formally verified systems to simulation.
... This work does not provide the code generator module, thus there is not a complete and automated transition from the models to the robot code. Adam et al. [18] propose DeROS, a DSL targeting the security and safety of ROS-based systems. Another approach has been proposed by Bettini et al. [19] to leverage the power of the high-level programming language X-Klaim to deal with the distributed nature of robots' software. ...
Conference Paper
Nowadays, Multi-Robot Systems are an emerging research field under the umbrella of Cyber-Physical Systems. They consist of a group of robots that cooperate to accomplish a common mission. Examples of these systems are present in many application fields, e.g., agriculture, manufacture, industry, military, and health. As a consequence, there exist many frameworks facilitating the development of robotics systems. However, these tools require high skills for programming each robot’s behavior and coordinating the interactions among them, which overall should produce the cooperative behavior of the Multi-Robot System needed to carry out its mission successfully. To address this problem, we propose an approach for high-level modeling the cooperative behavior of Multi-Robot Systems through disciplined use of collaboration diagrams as they are provided by the BPMN 2.0 standard. The definition of our modeling proposal has been driven by ROS2, taken as the reference framework for programming robotics systems, and its DDS implementation for intra- and inter-robot communication. We illustrate the proposed approach through a Multi-Robot System in a smart agriculture scenario.
... Applying formal methods and quality assurance processes to robotics software is not a novel concept. Several approaches have been adapted from general-purpose software engineering [11,[13][14][15][16], while some were tailor-made for this particular domain [17][18][19][20]. Overall, with the increasing investment in robotics research and development, this topic is gaining more and more traction in the community. ...
... At one end of the spectrum, we have approaches based on dynamic analysis, mostly runtime verification. This is a recurrent topic in the literature, e.g., as seen in [17][18][19][20], which demonstrates the efficiency and effectiveness of this technique. It operates on concrete implementations during normal operation and requires only an initial property-specification investment. ...
... Most approaches, however, specify properties in such a way that they are close to programming languages. The exception is [17], which provides a relatively high-level specification language. Our approach also includes a high-level property-specification language, but it serves multiple purposes. ...
Article
Full-text available
Software for robotic systems is becoming progressively more complex despite the existence of established software ecosystems like ROS, as the problems we delegate to robots become more and more challenging. Ensuring that the software works as intended is a crucial (but not trivial) task, although proper quality assurance processes are rarely seen in the open-source robotics community. This paper explains how we analyzed and improved a specialized path planner for steep-slope vineyards regarding its software dependability. The analysis revealed previously unknown bugs in the system, with a relatively low property specification effort. We argue that the benefits of similar quality assurance processes far outweigh the costs and should be more widespread in the robotics domain.
... The risk of errors is reduced because the Declarative Robot Safety (DeRoS) declaration controls the automatic generation of all safety-related code. Our model approach directly enables implementation-independent reuse of the safety-relevant part of a robot controller between different versions, since the DeRoS declaration does not need to be changed when the underlying software changes (with the exception that names shared between DeRoS rules and component interfaces must be kept consistent) [14]. Such an approach can be utilized when enforcing safety regulations for unmanned systems or to state and improve system cross-sectional properties, such as power unit energy balance, safety and timing, or to supervise and organize the behaviour of a number of UAVs in a fleet system such as a UAV swarm, for example when inspecting more than one aircraft [15]. ...
... Bogdiukiewicz et al. [BBH+17] describe how monitors can be formally developed in a step-wise manner using Event-B, an abstract state machine language supporting refinement-based development. RiskStructures provide a bridge between formal risk modelling and the design of monitors in Event-B as shown in [BBH+17], in the ROS-specific MOP framework [HEZ+14], or the ROS-based framework proposed in [SLJS16]. ...
Article
Full-text available
Machines, such as mobile robots and delivery drones, incorporate controllers responsible for a task while handling risk (e.g. anticipating and mitigating hazards; and preventing and alleviating accidents). We refer to machines with this capability as risk-aware machines. Risk awareness includes robustness and resilience, and complicates monitoring (i.e., introspection, sensing, prediction), decision making, and control. From an engineering perspective, risk awareness adds a range of dependability requirements to system assurance. Such assurance mandates a correct-by-construction approach to controller design, based on mathematical theory. We introduce RiskStructures, an algebraic framework for risk modelling intended to support the design of safety controllers for risk-aware machines. Using the concept of a risk factor as a modelling primitive, this framework provides facilities to construct, examine, and assure these controllers. We prove desirable algebraic properties of these facilities, and demonstrate their applicability by using them to specify key aspects of safety controllers for risk-aware automated driving and collaborative robots.
... Verification of behavioural properties in ROS is commonly tackled via runtime verification. Some of the most prominent tools are ROSRV [12], ROSMonitoring [13] and DeRoS [14]. The first does not offer a property specification language; properties are programmed manually. ...
... HAROS has been tested on multiple real-world case studies, including academic examples [6] (e.g., TurtleBot2), commercial products [3] (e.g., Care-O-bot 4) and industrial robots [7], [15]. Despite its limitations, especially regarding plug-ins based on behavioural properties, we have observed good results, overall. ...
Preprint
Full-text available
This tool paper presents the High-Assurance ROS (HAROS) framework. HAROS is a framework for the analysis and quality improvement of robotics software developed using the popular Robot Operating System (ROS). It builds on a static analysis foundation to automatically extract models from the source code. Such models are later used to enable other sorts of analyses, such as Model Checking, Runtime Verification, and Property-based Testing. It has been applied to multiple real-world examples, helping developers find and correct various issues.
... Given the rapid development of the market for self-driving cars and mobile robots (MRs), accident-free motion is one of the priority tasks for developers of motion control systems. Accident-free motion rests on studying the risk of accidents on public roads involving unmanned vehicles [1][2][3][4][5][6]. In this article, as in [3][4][5][6], an accident is understood as a collision of the MR with the objects around it. ...

... by formula (2). When a planned trajectory arrives at the safety module, the block computes the probability that the mobile robot covers the cells of the extended region A_r by formula (3) and, finally, estimates the collision probability by formula (4). ...
Conference Paper
Full-text available
The report is devoted to the subsystem that allows an autonomous mobile robot to avoid collisions with obstacles while moving along a planned trajectory. The functional diagram of the subsystem as part of the motion control system of a mobile robot is presented. The method is described which makes it possible to assess the probability of collision of a mobile robot with an obstacle. Based on the assessment of the collision probability, an approach to preventing accidents when a mobile robot moves along a trajectory is proposed. The description of the software implementation of the subsystem for ensuring the accident-free movement of a mobile robot using the obtained estimate of the probability of collision of a mobile robot with an obstacle is given. A model experiment to prevent a collision of a mobile robot with an obstacle was carried out.