A Formal Safety Net for Waypoint-Following in Ground Robots

We present a reusable formally verified safety net that provides end-to-end safety and liveness guarantees for two-dimensional waypoint-following of Dubins-type ground robots with tolerances and acceleration. First, we model a robot in differential dynamic logic and specify assumptions on the controller and robot kinematics. Second, we prove formal safety and liveness properties for waypoint-following with speed limits. Third, we synthesize a monitor, which is automatically proven to enforce model compliance at runtime. Fourth, our use of the VeriPhy toolchain makes these guarantees carry over down to the level of machine code with untrusted controllers, environments, and plans. The guarantees for the safety net apply to any robot as long as the waypoints are chosen safely and the physical assumptions in its model hold. Experiments show that these assumptions hold in practice, with an inherent tradeoff between compliance and performance.
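To illustrate the runtime-monitor idea the abstract describes, here is an added example (not the paper's synthesized ModelPlex/VeriPhy monitor, and not the authors' code) of a Simplex-style safety net: a hand-written compliance check for a Dubins-type kinematic model with a speed limit, bounded acceleration and bounded turn rate, which passes an untrusted controller's command through only while sensed motion stays within the modelled assumptions. The `State`, `Bounds` and `safety_net` names, the braking fallback, and all numeric bounds are assumptions chosen for this illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class State:            # sensed robot state: position, heading (rad), speed
    x: float; y: float; theta: float; v: float

@dataclass
class Bounds:           # physical assumptions of the (hypothetical) model
    v_max: float        # speed limit
    a_max: float        # maximum |acceleration|
    omega_max: float    # maximum |turn rate|
    eps: float          # sensing/rounding tolerance

def wrap(a: float) -> float:
    """Normalize an angle to (-pi, pi]."""
    return (a + math.pi) % (2 * math.pi) - math.pi

def compliant(prev: State, cur: State, dt: float, b: Bounds) -> bool:
    """True iff the sampled transition prev -> cur over dt fits the model."""
    if not (0.0 <= cur.v <= b.v_max + b.eps):                  # speed limit
        return False
    if abs(cur.v - prev.v) > b.a_max * dt + b.eps:             # bounded accel
        return False
    if abs(wrap(cur.theta - prev.theta)) > b.omega_max * dt + b.eps:
        return False                                           # bounded turn
    dist = math.hypot(cur.x - prev.x, cur.y - prev.y)
    if dist > max(prev.v, cur.v) * dt + b.eps:                 # reachable set
        return False
    if dist > b.eps:                                           # no side-slip:
        heading = math.atan2(cur.y - prev.y, cur.x - prev.x)   # motion must
        if abs(wrap(heading - prev.theta)) > b.omega_max * dt + b.eps:
            return False                                       # follow heading
    return True

def safety_net(prev, cur, dt, b, untrusted_cmd):
    """Return ((accel, turn), passed). While the observed motion complies with
    the model, forward the untrusted command clipped to the actuator bounds;
    on a violation switch to a verified fallback (brake straight ahead)."""
    if compliant(prev, cur, dt, b):
        a, w = untrusted_cmd
        a = max(-b.a_max, min(b.a_max, a))
        w = max(-b.omega_max, min(b.omega_max, w))
        return (a, w), True
    return (-b.a_max, 0.0), False
```

Tightening `eps` makes the net reject more sensor noise (more fallbacks, lower performance), loosening it admits more off-model motion; that is the compliance/performance tradeoff the abstract reports.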
