Experiences in Applying Formal Verification in Robotics

Formal verification efforts in the area of robotics are still comparatively scarce. In this paper we report on our experiences with one such effort, which was concerned with designing, implementing and certifying a safety function for autonomous vehicles and robots. We outline the algorithm, which was designed from the outset with safety through formal verification in mind, and present our verification methodology, which is based on formal proof and verification using the theorem prover Isabelle. The normative measures that must be covered are also discussed. The algorithm and our methodology have been certified by a certification authority for use in applications up to SIL 3 of IEC61508-3. Throughout, we highlight issues we recognised as being important for a successful application of formal methods in this domain. These pertain, among others, to the development process, the abstraction level at which specifications should be formulated, and the interplay between simulation and verification.
