Fault tolerant planning: towards dependable autonomous robots

Complex autonomous robots such as autonomous vehicles or robotic guides are critical systems because their failures could have catastrophic and costly consequences for themselves and their immediate environment, including users and bystanders. Moreover, verification and validation of these systems, which include decisional software, is a difficult and complex task requiring high expertise. In practice, despite recent advances in formal verification techniques and intensive testing for autonomous vehicles, it is still not possible to guarantee the elimination of all residual development faults. Another way to enhance the confidence placed in such software is to consider tolerance mechanisms with regard to these faults. This article proposes such an approach for temporal planners, which are a major class of decisional software components in complex autonomous systems. The proposed fault tolerance mechanisms focus on residual development faults in planning models and heuristics. They use four complementary detection mechanisms to detect planning errors. Recovery from possible errors is achieved using redundant diversified planning models. We present an implementation of the proposed architecture on an existing autonomous robot software architecture. We also describe a validation framework used to evaluate the cost and efficacy of the fault tolerance mechanisms using real robot software on simulated robot hardware, with fault injection in the declarative planning models. In this framework, the proposed fault tolerance mechanisms are shown to greatly improve system reliability with no significant impact on performance.
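As an added illustration (not code from the paper or its authors), the following Python sketches the detect-and-switch idea the abstract describes: a planner runs over redundant diversified models, a plan analyser replays each plan against the executor's action semantics, a watchdog bounds planning time, and any detected error causes a switch to the next model. The toy domain, the detector set and the injected fault are constructed assumptions, not the paper's four detectors.

```python
# Added illustration: fault-tolerant planning over diversified models.
# Domain, detectors and the injected fault are constructed assumptions.
from collections import deque
import time

# Executor semantics (reference): action -> (preconditions, add, delete)
EXEC = {
    "goto_lab":  ({"at_hall"}, {"at_lab"}, {"at_hall"}),
    "goto_hall": ({"at_lab"}, {"at_hall"}, {"at_lab"}),
    "pick":      ({"at_lab", "obj_lab"}, {"holding"}, {"obj_lab"}),
    "drop":      ({"at_hall", "holding"}, {"obj_hall"}, {"holding"}),
}
# Injected development fault in model A: "pick" lost its location precondition
MODEL_A = dict(EXEC, pick=({"obj_lab"}, {"holding"}, {"obj_lab"}))
MODEL_B = dict(EXEC)  # independently written, correct variant of the model

def apply(state, action, model):
    """Return the successor state, or None if preconditions do not hold."""
    pre, add, dele = model[action]
    return (state - dele) | add if pre <= state else None

def plan(model, init, goal, deadline):
    """Breadth-first forward search; None on no plan or watchdog timeout."""
    frontier, seen = deque([(frozenset(init), [])]), {frozenset(init)}
    while frontier:
        if time.monotonic() > deadline:   # watchdog: planner took too long
            return None
        state, steps = frontier.popleft()
        if goal <= state:
            return steps
        for act in model:
            nxt = apply(state, act, model)
            if nxt is not None and nxt not in seen:
                seen.add(nxt)
                frontier.append((nxt, steps + [act]))
    return None

def validate(steps, init, goal):
    """Plan analyser: replay the plan against executor semantics."""
    state = frozenset(init)
    for act in steps:
        state = apply(state, act, EXEC)
        if state is None:                 # step not executable: error detected
            return False
    return goal <= state

def fault_tolerant_plan(models, init, goal, budget=1.0):
    """Try each diversified model in turn; switch model on any detected error."""
    for name, model in models:
        steps = plan(model, init, goal, time.monotonic() + budget)
        if steps is not None and validate(steps, init, goal):
            return name, steps
    return None, None
```

With the faulty model A, breadth-first search returns the too-short plan `["pick", "drop"]`, the analyser rejects it, and model B supplies the valid four-step plan.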
