Real-Time Execution Control for Autonomous Systems

There is an increasing need for advanced autonomy in complex embedded real-time systems such as robots, satellites, or UAVs. Still, the growing complexity of the decision capabilities of these systems raises a major problem: how to prove that the system will not end up in a state that is dangerous for itself or for humans? How to guarantee that the robot will not grab a sample on the ground with its arm while moving (which could break the arm)? How to make sure that the satellite's RCS jets are not fired while the camera lens protection is off? How to make sure that a service robot for elderly people never moves faster than 20 cm/s? This paper presents recent developments of the LAAS architecture for autonomous systems. In particular, we specify the role of the Execution Control level of this architecture. This level has a fault protection role with respect to the commands issued by the decisional level, which are transmitted to the system through the functional level. It acts as a real-time "safety bag" that ensures the issued commands are consistent with the current state of the system and with a formal model of the acceptable states. To implement this component, we present a new approach and a new tool inspired by model checking. We introduce a new language (EXoGEN) to specify the model of acceptable and required states of the system (valid contexts for requests to functional modules, and resource usage). This language is compiled offline into an OBDD-like (Ordered Binary Decision Diagram) structure, which is then used online to check the specified constraints in real time. The tool is seamlessly integrated in the LAAS architecture and relies on the other tools used to build autonomous systems (GenoM, OpenPRS, etc.). We have deployed it on a number of robotic platforms (ATRV and XR4000 robots).
We show that such an approach improves the runtime dependability of the system at a minimal and acceptable cost (compared to the possible loss of the complete system), and that it could also be extended to check more complex temporal properties of the system offline.
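The compile-offline, check-online scheme described above, as an added illustration (my code, not the paper's EXoGEN language or tool): two of the abstract's informal rules (no grabbing while moving; no RCS firing with the lens cap off) are written as Boolean constraints over a fixed-order set of state variables, compiled into a reduced ordered BDD with Bryant's apply algorithm [9], and a request is then checked by a single walk from the root to a terminal. The variable names, the two rules, and the helper names build_safety_model and check_request are assumptions for the example.

```python
# Added example (not the paper's EXoGEN tool): compile a model of acceptable
# states into a reduced ordered BDD offline, then check each request online
# with one root-to-leaf walk. Variable names and the two rules below are
# assumptions taken from the abstract's informal examples.

ORDER = ["robot_moving", "arm_grab", "lens_cap_on", "rcs_fire"]  # fixed variable order


class BDD:
    """Reduced ordered BDD with a unique table; node ids 0 and 1 are the terminals."""

    def __init__(self, order):
        self.names = list(order)
        self.index = {v: i for i, v in enumerate(self.names)}
        self.tbl = [None, None]   # id -> (var, low, high)
        self.unique = {}          # (var, low, high) -> id, so equal subgraphs are shared

    def mk(self, var, low, high):
        if low == high:           # redundant test: both branches agree
            return low
        key = (var, low, high)
        if key not in self.unique:
            self.unique[key] = len(self.tbl)
            self.tbl.append(key)
        return self.unique[key]

    def var(self, name):
        return self.mk(self.index[name], 0, 1)

    def _var_of(self, u):         # terminals sort after every real variable
        return self.tbl[u][0] if u > 1 else len(self.names)

    def apply(self, op, u, v):
        """Bryant's apply: combine two BDDs under a boolean op on 0/1 ints."""
        memo = {}

        def rec(u, v):
            if u <= 1 and v <= 1:
                return op(u, v)
            if (u, v) not in memo:
                x = min(self._var_of(u), self._var_of(v))
                lu, hu = self.tbl[u][1:] if self._var_of(u) == x else (u, u)
                lv, hv = self.tbl[v][1:] if self._var_of(v) == x else (v, v)
                memo[(u, v)] = self.mk(x, rec(lu, lv), rec(hu, hv))
            return memo[(u, v)]

        return rec(u, v)

    def and_(self, u, v):
        return self.apply(lambda a, b: a & b, u, v)

    def not_(self, u):
        return self.apply(lambda a, b: a ^ b, u, 1)

    def implies(self, u, v):
        return self.apply(lambda a, b: (1 - a) | b, u, v)

    def evaluate(self, u, state):
        """Online check: walk root to terminal; only variables on the path are
        read, so the cost is bounded by len(ORDER), not by the model's size."""
        while u > 1:
            x, low, high = self.tbl[u]
            u = high if state[self.names[x]] else low
        return u == 1

    def count(self, u):
        """Offline analysis: how many full assignments the model accepts."""
        memo = {}

        def rec(n):
            if n <= 1:
                return n
            if n not in memo:
                x, lo, hi = self.tbl[n]
                memo[n] = (rec(lo) << (self._var_of(lo) - x - 1)) + (rec(hi) << (self._var_of(hi) - x - 1))
            return memo[n]

        return rec(u) << self._var_of(u)


def build_safety_model():
    """Offline step: compile the acceptable-state model into a single BDD."""
    b = BDD(ORDER)
    moving, grab, cap, fire = (b.var(n) for n in ORDER)
    no_grab_while_moving = b.not_(b.and_(moving, grab))   # rule 1, assumed from the abstract
    jets_need_cap = b.implies(fire, cap)                   # rule 2, assumed from the abstract
    return b, b.and_(no_grab_while_moving, jets_need_cap)


def check_request(bdd, root, state, request):
    """Online step: would the state reached by applying the partial update
    `request` still be acceptable? Unchanged variables keep their value."""
    return bdd.evaluate(root, {**state, **request})


if __name__ == "__main__":
    bdd, root = build_safety_model()
    now = {"robot_moving": True, "arm_grab": False, "lens_cap_on": True, "rcs_fire": False}
    print(bdd.count(root), "of 16 states acceptable")
    print("grab while moving:", check_request(bdd, root, now, {"arm_grab": True}))
    print("fire jets with cap on:", check_request(bdd, root, now, {"rcs_fire": True}))
```

The property that makes this usable as a real-time safety bag is visible in evaluate: whatever the size of the compiled model, an online check reads at most one node per variable, so its worst-case latency is fixed when the variable order is. The count method is the kind of offline analysis the compile step makes cheap; a model that accepts zero states, for instance, is over-constrained and would block every request, which is worth catching before deployment rather than on the robot.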

[1] Rachid Alami et al., PRS: a high level supervision and control language for autonomous mobile robots, 1996, Proceedings of IEEE International Conference on Robotics and Automation.

[2] Peter H. M. Klein et al., The Safety-Bag Expert System in the Electronic Railway Interlocking System ELEKTRA, 1991.

[3] Bernard Espiau et al., Formal Verification in Robotics: Why and How?, 1995.

[4] Matthieu Herrb et al., Design of a modular architecture for autonomous robot, 1994, Proceedings of the 1994 IEEE International Conference on Robotics and Automation.

[5] Éric Rutten, A framework for using discrete control synthesis in safe robotic programming and teleoperation, 2001, Proceedings 2001 ICRA. IEEE International Conference on Robotics and Automation (Cat. No.01CH37164).

[6] Frédéric Boussinot et al., The ESTEREL language, 1991, Proc. IEEE.

[7] Nicola Muscettola et al., IDEA: Planning at the Core of Autonomous Reactive Agents, 2002.

[8] Reid G. Simmons et al., Towards automatic verification of autonomous systems, 2000, Proceedings. 2000 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS 2000) (Cat. No.00CH37113).

[9] Randal E. Bryant et al., Graph-Based Algorithms for Boolean Function Manipulation, 1986, IEEE Transactions on Computers.

[10] Rachid Alami et al., An Architecture for Autonomy, 1998, Int. J. Robotics Res.

[11] Raja Chatila et al., Specification and validation of a control architecture for autonomous mobile robots, 1996, Proceedings of IEEE/RSJ International Conference on Intelligent Robots and Systems. IROS '96.

[12] Randal E. Bryant et al., Efficient implementation of a BDD package, 1991, DAC '90.

[13] Félix Ingrand et al., An execution control system for autonomous robots, 2002, Proceedings 2002 IEEE International Conference on Robotics and Automation (Cat. No.02CH37292).

[14] Edmund M. Clarke et al., Symbolic Model Checking: 10^20 States and Beyond, 1990, Inf. Comput.

[15] Robert P. Goldman et al., Using Model Checking to Plan Hard Real-Time Controllers, 2000.