Université Fédérale de Toulouse

Midi-PyrénéesLAAS-CNRS/ Laboratoire d’analyse et d’architecture des systèmes (CNRS)

Robots, How Reliable Are They? Student: Mohammed Foughali

Supervisor: Félix Ingrand

Context Increasing involvement of robots in human environments -> Reliability?

❖Poor connection between robotic functional software and formal methods x Non-formal frameworks x Ad-hoc, non automatic modeling x Scalability issues

Decisional Level

Acting ObservingFunctional level

Battery

SpeedP3D

PosPOM

HueblobIm. St.Stereo

VIAM Im. Pos RFLEXPTU

(Pan-TiltUnit)

DTM Env

Aspect Obs

Laser RF Scan

NDD Speed

Antenna Heating

Planning Monitoring

MODELS

Flat terrainnavigation

Rough terrainnavigation

Approach ➡Automatically bridge GenoM with V&V frameworks ➡Use the generated models to verify important properties

GenoM to Fiacre/TINA & UPPAAL ➡Develop templates GenoM->Fiacre & GenoM->UPPAAL ➡Use TINA & UPPAAL to verify: ✓Behavioral properties: e.g. a sent request is eventually served ✓Timed properties: e.g. quantify the time between ports updates

Activities

Control TaskControl

Services

Clients

Ports

Execution Tasks

Codels

IDS

read/write

read/w

rite

read/write

RequestsReports

start

ether

paus

e

Robotic Software Levels

A GenoM component

Fiacre or UPPAL Model

of the Funct. Level

GenoM Models: .idl & .gen

Real-time properties

TINA or UPPAAL

Analysis

Fix the

Functional Level

speed

robmotion

scan

roblaser

pos

robloco

robmap

map

Task: map 50msServices:InitFuseMapStopFuse

Task: motion 500msServices:InitGotoPositionStop

Task: scan 50msServices:InitStartScanStopScan

Task: odo 50msServices:InitPortGetPosOdoStartOdoStopMonitorArea

Task: track 50msServices:TSStartTSStop

GenoM to Fiacre & UPPAAL Workflow

GenoM to UPPAAL SMC ➡Develop templates GenoM->UPPAAL-SMC ➡Use SMC on models that do not scale to estimate the probability of satisfying

important properties

Functional Level

actualvelocityIMU

nhfc

Task: main 1msServices:InitServoStop

cmdvelocity

desiredstate

maneuverpom

state

mikrokopter

Task: plan 5msServices:GotoWayPointTakeOff

Task: exec 5msServices:perm

Task: io 1msServices:perm, add_me

Task: filter 1msServices:perm

Task: main 1msServices:permcalibrate_imustartservostop

Task: comm 1msServices:permconnectmonitorset_ramp

mocappose

optitrackTask: publish 4msServices:Init(pos updated 100Hz)

Quadcopter navigation: Does not scale ✓Properties satisfied with 99% pr (SMC)

GenoM to BIP ➡Develop templates GenoM->BIP ➡Run the generated models using the BIP engine and enforce desired properties

online

BIP Modelof the Funct. Level

(Execution)

GenoM Models: .idl & .gen

Safety properties

RTD-Finder

AnalysisFix the model

BIP/Model template (GenoM/Pocolibs to BIP)

to Fiacre)

BIP Modelof the Funct. Level

(verification)

BIP-Engine

GenoM to BIP Workflow

Papers ๏Model-Checking Real-Time Properties on The Functional Layer of

Autonomous Systems M. Foughali, B. Berthomieu, S. Dal Zilio, F. Ingrand, A. Mallet At ICFEM 2016, November 14-18, Tokyo, Japan

๏Toward a Correct-and-Scalable Verification of Concurrent Robotic Systems: Insights on Formalisms and Tools

M. Foughali At IEEE ACSD 2017, June 25-30, Zaragoza, Spain