Toward a Holistic Approach to Verification and Validation of Autonomous Cognitive Systems

When applying formal verification to a system that interacts with the real world, we must use a model of the environment. This model is an abstraction of the actual environment, so it is necessarily incomplete, and this presents an issue for system verification. If the actual environment matches the model, then the verification result holds; however, if the environment falls outside the abstraction captured by the model, then we cannot guarantee that the system is well behaved. A solution to this problem is to exploit the model of the environment used for statically verifying the system's behaviour and, if the verification succeeds, to use it also for validating the model against the real environment via runtime verification. The article discusses this approach and demonstrates its feasibility by presenting its implementation on top of a framework integrating the Agent Java PathFinder model checker. A high-level Domain Specific Language is used to model the environment in a user-friendly way; the latter is then compiled to trace expressions for both static formal verification and runtime verification. To evaluate our approach, we apply it to two different case studies: an autonomous cruise control system and a simulation of the Mars Curiosity rover.
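As an added illustration (not code from the paper, nor from the MCAPL/AJPF framework), the following sketches the runtime half of the approach: a small trace-expression interpreter, in the spirit of the trace expressions the abstract refers to, checks a constructed cruise-control event stream against an environment model and reports the first event the model cannot explain, i.e. the point at which the assumptions the static verification relied on no longer hold. The event types, the environment model and the sample traces are assumptions made for this example.

```python
from typing import Callable, Dict, List, Optional

Event = Dict[str, object]
# Trace expressions as nested tuples: eps, prefix theta:tau, union, concat, star.
EPS = ('eps',)
def prefix(theta: Callable[[Event], bool], tau): return ('prefix', theta, tau)
def union(a, b): return ('or', a, b)
def cat(a, b): return ('cat', a, b)
def star(t): return ('star', t)

def nullable(t) -> bool:
    """True if the expression accepts the empty trace (a complete, valid trace so far)."""
    k = t[0]
    if k in ('eps', 'star'): return True
    if k == 'prefix': return False
    if k == 'or': return nullable(t[1]) or nullable(t[2])
    return nullable(t[1]) and nullable(t[2])          # 'cat'

def step(t, e: Event) -> List:
    """Residual expressions after consuming event e (empty list = e is not explained)."""
    k = t[0]
    if k == 'eps': return []
    if k == 'prefix': return [t[2]] if t[1](e) else []
    if k == 'or': return step(t[1], e) + step(t[2], e)
    if k == 'star': return [cat(r, t) for r in step(t[1], e)]
    res = [cat(r, t[2]) for r in step(t[1], e)]     # 'cat': consume from the left part
    if nullable(t[1]): res += step(t[2], e)         # or from the right if left may be done
    return res

def monitor(model, trace: List[Event]) -> Optional[int]:
    """Index of the first event the environment model cannot explain, or None."""
    states = [model]
    for i, e in enumerate(trace):
        states = [r for s in states for r in step(s, e)]
        if not states: return i
    return None

def accepted(model, trace: List[Event]) -> bool:
    """Whole trace explained and in a state where the model allows it to end."""
    states = [model]
    for e in trace:
        states = [r for s in states for r in step(s, e)]
    return any(nullable(s) for s in states)

# Constructed environment model for a cruise controller (assumption): the environment
# delivers speed readings in [0, 130] km/h, and every obstacle perception is followed
# by a fresh speed reading before anything else happens.
speed_ok = lambda e: e['type'] == 'speed' and 0 <= e['kmh'] <= 130
obstacle = lambda e: e['type'] == 'obstacle'
CRUISE_ENV = star(union(prefix(speed_ok, EPS), prefix(obstacle, prefix(speed_ok, EPS))))

# Constructed sample traces: GOOD conforms; BAD reports a speed outside the modelled range.
GOOD = [{'type': 'speed', 'kmh': 90}, {'type': 'obstacle'}, {'type': 'speed', 'kmh': 60}]
BAD = [{'type': 'speed', 'kmh': 90}, {'type': 'obstacle'}, {'type': 'speed', 'kmh': 150}]
```

Running `monitor(CRUISE_ENV, BAD)` yields index 2, the event at which the runtime environment leaves the abstraction the static verification assumed; `monitor(CRUISE_ENV, GOOD)` yields `None`.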
