
Bisimulation conversion and verification procedure for goal-based control systems

Journal: Formal Methods in System Design

Abstract

Fault tolerance and safety verification of control systems are essential for the success of autonomous robotic systems. A control architecture called Mission Data System (MDS), developed at the Jet Propulsion Laboratory, addresses these needs with a goal-based control approach. In this paper, a software algorithm for converting goal network control systems into linear hybrid systems is described. The conversion process is a bisimulation: the resulting linear hybrid system can be verified for safety in the presence of failures using existing symbolic model checkers, and because the two systems are bisimilar, the original goal network is thereby verified as well. A moderately complex example goal network control system is converted to a linear hybrid system using the automatic conversion software based on this bisimulation, and the result is then verified.



Author information

Correspondence to Julia M. B. Braman.

Cite this article

Braman, J.M.B., Murray, R.M. Bisimulation conversion and verification procedure for goal-based control systems. Form Methods Syst Des 38, 62–95 (2011). https://doi.org/10.1007/s10703-010-0109-6
