Embedding Online Runtime Verification for Fault Disambiguation on Robonaut2

Robonaut2 (R2) is a humanoid robot onboard the International Space Station (ISS), performing specialized tasks in collaboration with astronauts. After deployment, R2 developed an unexpected emergent behavior. R2’s inability to distinguish between knee-joint faults (e.g., due to sensor drift versus violated environmental assumptions) began triggering mid-task, safety-preserving freezes-in-place in the confined space of the ISS, preventing further motion until a ground-control operator determines the root cause and initiates proper corrective action. Runtime verification (RV) algorithms can efficiently disambiguate the temporal signatures of different faults in real time. However, no previous RV engine can operate within the limited available resources and specialized platform constraints of R2’s hardware architecture. An attempt to deploy the only runtime verification engine designed for embedded flight systems, R2U2, failed due to resource constraints. We present a significant redesign of the core R2U2 algorithms to adapt to severe resource and certification constraints and prove their correctness, time complexity, and space requirements. We further define optimizations enabled by our new algorithms and implement the new version of R2U2. We encode specifications describing real-life faults occurring onboard Robonaut2 using MLTL and detail our process of specification debugging, validation, and refinement. We deploy this new version of R2U2 on Robonaut2, demonstrating successful real-time fault disambiguation and mitigation triggering of R2’s knee-joint faults without false positives.
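To make the idea of disambiguating faults by their temporal signature concrete, the following is an added example (not code from the paper, and not R2U2's algorithm): a small evaluator for Mission-time LTL (MLTL) over a finite trace, applied to two hypothetical knee-joint fault signatures. The atom `resid_high`, the two formulas `DRIFT` and `TRANSIENT`, and the bit-string traces are constructed for illustration and are not the paper's specifications.

```python
# Added example: finite-trace MLTL evaluation for fault disambiguation.
# Semantics follow the standard MLTL definition: F[a,b] psi at step i needs
# len(trace) > i+a and some j in [i+a, i+b] with psi; G[a,b] is not F[a,b] not.
# A trace is a list of sets; trace[i] holds the atoms true at step i.

def holds(phi, trace, i=0):
    """Return True iff trace, i |= phi; phi is a tuple-encoded MLTL formula."""
    op = phi[0]
    if op == "atom":
        return phi[1] in trace[i]
    if op == "not":
        return not holds(phi[1], trace, i)
    if op == "and":
        return holds(phi[1], trace, i) and holds(phi[2], trace, i)
    if op == "F":                      # ("F", a, b, psi)
        _, a, b, psi = phi
        if len(trace) <= i + a:        # window starts past the end: unsatisfiable
            return False
        last = min(i + b, len(trace) - 1)
        return any(holds(psi, trace, j) for j in range(i + a, last + 1))
    if op == "G":                      # ("G", a, b, psi) == not F[a,b] not psi
        _, a, b, psi = phi
        return not holds(("F", a, b, ("not", psi)), trace, i)
    if op == "U":                      # ("U", a, b, p1, p2): p1 until p2 within [a,b]
        _, a, b, p1, p2 = phi
        if len(trace) <= i + a:
            return False
        for j in range(i + a, min(i + b, len(trace) - 1) + 1):
            if holds(p2, trace, j):
                return True
            if not holds(p1, trace, j):  # p1 must hold at every step before p2
                return False
        return False
    raise ValueError(f"unknown operator {op!r}")

HIGH = ("atom", "resid_high")   # constructed atom: torque residual above threshold
# Hypothetical fault signatures (assumptions, not the paper's specifications):
DRIFT = ("G", 0, 5, HIGH)                              # residual stays high for 6 steps
TRANSIENT = ("and", HIGH, ("F", 1, 3, ("not", HIGH)))  # high now, recovers within 3 steps

def classify(trace):
    """Evaluate both signatures at step 0 and name the matching hypothesis."""
    if holds(DRIFT, trace):
        return "sensor-drift"
    if holds(TRANSIENT, trace):
        return "transient"
    return "none"

def trace_from_bits(bits):
    """Constructed helper: '1' means resid_high is true at that step."""
    return [{"resid_high"} if c == "1" else set() for c in bits]
```

Note the finite-trace subtlety the short trace `"111"` exposes: `G[0,5]` is satisfied vacuously when the trace ends inside the window, so a deployed monitor must wait for the window to fill before asserting the drift verdict.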
