Formal verification of obstacle avoidance and navigation of ground robots

This article answers fundamental safety questions for ground robot navigation: under which circumstances does which control decision make a ground robot safely avoid obstacles? Unsurprisingly, the answer depends on the exact formulation of the safety objective, as well as the physical capabilities and limitations of the robot and the obstacles. Because uncertainties about the exact future behavior of a robot’s environment make this a challenging problem, we formally verify corresponding controllers and provide rigorous safety proofs justifying why the robots can never collide with the obstacle in the respective physical model. To account for ground robots in which different physical phenomena are important, we analyze a series of increasingly strong properties of controllers for increasingly rich dynamics and identify the impact that the additional model parameters have on the required safety margins. We analyze and formally verify: (i) static safety, which ensures that no collisions can happen with stationary obstacles; (ii) passive safety, which ensures that no collisions can happen with stationary or moving obstacles while the robot moves; (iii) the stronger passive-friendly safety, in which the robot further maintains sufficient maneuvering distance for obstacles to avoid collision as well; and (iv) passive orientation safety, which allows for imperfect sensor coverage of the robot, i.e., the robot is aware that not everything in its environment will be visible. We formally prove that safety can be guaranteed despite sensor uncertainty and actuator perturbation. We complement these provably correct safety properties with liveness properties: we prove that provably safe motion is flexible enough to let the robot navigate waypoints and pass intersections. 
To account for the mixed influence of discrete control decisions and the continuous physical motion of the ground robot, we develop corresponding hybrid system models and use differential dynamic logic theorem-proving techniques to formally verify their correctness. Since these models identify a broad range of conditions under which control decisions are provably safe, our results apply to any control algorithm for ground robots with the same dynamics. As a demonstration, we also synthesize provably correct runtime monitor conditions that check the compliance of any control algorithm with the verified control decisions.
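The runtime monitor idea in the last sentence, shown as an added example that is not code from the article: a controller of any design proposes an acceleration, and a monitor derived from a worst-case stopping-distance condition either accepts it or overrides it with full braking. The model (one-dimensional motion, maximum acceleration `A`, minimum braking `b`, control cycle at most `eps`, a stationary obstacle) and the margin formula `stopping_margin` are assumptions of this example derived from elementary braking kinematics, not formulas quoted from the page; `monitor`, `move` and `simulate` are hypothetical names.

```python
"""Runtime monitoring of a static-safety control condition (added example).

Model assumptions (constructed for this example): a robot on a line at
position p with velocity v >= 0 drives toward a stationary obstacle at o;
it can accelerate by at most A, always brake by at least b (A, b > 0), and a
new control decision is taken at least every eps seconds. Between decisions
the motion is p' = v, v' = a, and the robot never reverses.
"""


def stopping_margin(v, A, b, eps):
    """Worst-case travel before standstill if the robot accelerates at A for
    a full cycle of length eps and only afterwards brakes at b.

    Derived from the kinematics (an assumption of this example, not a formula
    quoted from the page):
      accelerating: travels v*eps + A*eps^2/2 and reaches v + A*eps
      braking:      travels (v + A*eps)^2 / (2*b)
    which sums to v^2/(2b) + (A/b + 1) * (A*eps^2/2 + v*eps).
    """
    return v * v / (2 * b) + (A / b + 1) * (A * eps * eps / 2 + v * eps)


def monitor(dist, v, a_requested, A, b, eps):
    """Compliance check applied to any controller's requested acceleration.

    Full braking is always compliant. Any other acceleration in [-b, A] is
    accepted only if the distance to the obstacle exceeds the worst-case
    stopping margin; otherwise the monitor overrides it with full braking.
    Returns the acceleration that is actually executed.
    """
    a = max(-b, min(A, a_requested))  # clamp to the actuator's physical range
    if a <= -b or dist > stopping_margin(v, A, b, eps):
        return a
    return -b


def move(p, v, a, t):
    """Exact motion for constant acceleration a over duration t, coming to a
    standstill instead of reversing when braking."""
    if a < 0 and v + a * t < 0:
        t_stop = -v / a
        return p + v * t_stop + a * t_stop * t_stop / 2, 0.0
    return p + v * t + a * t * t / 2, v + a * t


def simulate(monitored, A=2.0, b=1.0, eps=0.5, obstacle=10.0, cycles=60):
    """Drive a greedy controller (always requests full acceleration A) toward
    the obstacle, with or without the monitor in the loop.

    Cycle lengths vary but never exceed eps, which is exactly the uncertainty
    the safety condition must tolerate. Because v >= 0 throughout, p only
    grows within a cycle, so checking at cycle boundaries finds any collision.
    """
    cycle_lengths = [eps, 0.4 * eps, eps, 0.7 * eps]  # constructed schedule
    p, v = 0.0, 0.0
    min_dist = obstacle - p
    for i in range(cycles):
        dist = obstacle - p
        a = A  # what the unverified controller wants to do
        if monitored:
            a = monitor(dist, v, a, A, b, eps)
        p, v = move(p, v, a, cycle_lengths[i % len(cycle_lengths)])
        min_dist = min(min_dist, obstacle - p)
        if min_dist <= 0:
            break
    return {"collided": min_dist <= 0, "min_dist": min_dist, "final_p": p}


if __name__ == "__main__":
    for monitored in (False, True):
        print("monitored" if monitored else "unmonitored", simulate(monitored))
```

The monitor never inspects how the controller arrived at its request; it only checks the request against the condition under which acceleration was proven safe, which is why the same check applies to any control algorithm for the same dynamics. The safety argument is an invariant, distance greater than `v^2/(2b)`: an accepted acceleration keeps it true for any cycle length up to `eps` because the margin already charges the worst case, and full braking preserves it exactly.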
