Towards scalable proofs of robot swarm emerging behavior properties
Jüri Vain, Tallinn University of Technology
J.Vain Doctoral course ’Advanced topics in Embedded Systems’. Lyngby'09
ROBOSWARM
Syllabus
Monday morning (9:00 – 13:30):
◦ 9:00 – 10:30 Intro: Model-Based Development and Validation of Multirobot Cooperative System (MCS)
◦ 10:30 – 12:00 MCS model construction and learning
◦ 12:00 – 13:30 Model-based testing with reactive planning testers
Tuesday morning (9:00 – 12:30):
◦ 9:00 – 10:30 Towards scalable proofs of robot swarm emerging behavior properties
◦ 10:30 – 12:00 Hands-on: Distributed intruder capture protocol
How to characterize the swarm's emerging behavior?
What makes the analysis difficult?
How to handle the high complexity of swarm analysis?
Case study: dynamic cleaning problem
Integrated Service Quality: the granted level of system service quality in the presence of faults, overload and other factors that may compromise the service quality.
For a distributed service we define the quality as a scalar equal to the value of the chosen service characteristic at the point of its lowest value.
We define the swarm mission as successful if the service quality during a preset mission time never exceeds the given critical threshold.
Y. Altshuler, A.M. Bruckstein, I.A. Wagner. Swarm Robotics for a Dynamic Cleaning Problem. In “IEEE Swarm Intelligence Symposium”, pp. 209 – 216, June 2005.
J. Vain, T. Tammet, A. Kuusik, S. Juurik. “Towards scalable proofs of robot swarm dependability”. BEC2008.
Team Te (the environment):
◦ Players of Te are distributed evenly over the cleaning zones.
◦ Each zone is considered as a service point (SP) for queuing service requests from exactly one player of Te.
◦ Players of Te do not change their positions at SPs.
◦ One step of deterioration of the zone corresponds to an arrival of a service request from a player of team Te.
◦ The flow of service requests in each SP is stationary.
◦ Moves of players of Te are synchronized.
◦ The winning strategy of team Te results in the overflow of at least one service request queue during the mission.
Team Tc (cleaning swarm):
◦ A move of a Tc player corresponds to cleaning of one zone, i.e., processing a queue of SP requests.
◦ Players of Tc are mobile and able to coordinate moves via messages left in SPs.
◦ The winning strategy of Tc: there is no overflow in any queue until the end of swarm mission time TH.
◦ The swarm mission is successful regarding the given service if it ensures the winning strategy of team Tc.
The cleaning zones in the service area are labeled with RFID tags.
Every tag has a unique ID that identifies the zone.
The RFID tag has data fields:
◦ Deterioration rate
◦ Time-stamp of the latest cleaning
◦ Bidding information about the highest priority robot targeting the zone.
The environment generates deterioration dynamically with the rate depending on the zone:
◦ 0 % corresponds to the clean room,
◦ 100 % is the maximum deterioration level
TR – threshold of acceptable (according to service quality requirement) deterioration level
[Figure: zones tagged A, B, C, D, E and one robot]
Legend:
- Robot can see tags A and B; B is more critical; robot moves to B.
- Robot can see tags C and B; C is more critical; robot moves to C.
- Robot can see tags D, E, C and B; C is the most critical; robot reserves C and starts cleaning.
[Figure: zones tagged A, B, C, D, E and two robots, Blue and Green]
Legend:
- Blue detects B as the most critical zone; Blue writes its bid (id, job_list) on B; Blue starts moving towards B.
- Green detects B and reads Blue’s bid on B.
- If the second critical in Green’s own job list is more critical than the one on B, Green gives up B, i.e. moves towards its 2nd critical.
- If the second critical in Green’s own job list is less critical than the one on B, Green takes B over, i.e. writes its bid on B instead and moves towards B.
- Blue periodically monitors its bid; when Blue finds its bid overtaken, it gives up and moves towards its 2nd critical.
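The tag-based bidding rule from the legend above, as an added example (not code from the course or the ROBOSWARM project). It assumes that “the one on B” is the second most critical zone in the job list of the bid already written on B, that a job list holds (zone, deterioration %) pairs sorted most critical first, and that on a tie the existing bid stands; the names Bid, visit_tag and monitor_bid are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bid:
    robot: str
    job_list: tuple   # ((zone, deterioration %), ...), most critical first

def second_critical(bid):
    """Deterioration of the bidder's fallback zone (0 if it has none)."""
    return bid.job_list[1][1] if len(bid.job_list) > 1 else 0

def fallback_zone(bid):
    return bid.job_list[1][0] if len(bid.job_list) > 1 else None

def visit_tag(tags, zone, newcomer):
    """Newcomer reads the tag of its most critical zone and applies the rule.
    Returns the zone the newcomer heads for; may overwrite the bid on the tag."""
    holder = tags.get(zone)
    if holder is None or holder.robot == newcomer.robot:
        tags[zone] = newcomer              # no competing bid: write own bid
        return zone
    mine, theirs = second_critical(newcomer), second_critical(holder)
    if mine < theirs:
        tags[zone] = newcomer              # take over: overwrite the bid
        return zone
    # mine > theirs: give up the zone. mine == theirs is not covered by
    # the slides; assumed here: the existing bid stands.
    return fallback_zone(newcomer)

def monitor_bid(tags, zone, me):
    """Periodic check by the bidder: keep going, or fall back if overtaken."""
    return zone if tags.get(zone) == me else fallback_zone(me)

if __name__ == "__main__":
    # Constructed scenario: both robots rank B first, fallbacks differ.
    tags = {}
    blue = Bid("blue", (("B", 90), ("A", 40)))
    green = Bid("green", (("B", 90), ("D", 20)))
    print("Blue heads for", visit_tag(tags, "B", blue))
    print("Green heads for", visit_tag(tags, "B", green))
    print("Blue, after re-reading the tag, heads for", monitor_bid(tags, "B", blue))
```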
Simulation – incomplete
Deductive proof – needs proper calculus; general 1st order proof systems do not scale well, perhaps compositional methods and structural induction can help.
Model checking – partial solution at least for local proofs. Potential to scale up when combined with other techniques.
Reachability:
◦ From the state where the deterioration level of all zones is over the threshold TR, e.g., 80 %, the state where the soiling level is less than TR (e.g., TS = 30 %) is always reachable.
◦ A<> forall (i : int[1,16]) tag[i] < TS
Safety:
◦ Assuming the deterioration level is less than TS where TS < TR, the deterioration level is always kept below the threshold TR.
◦ A[] forall (i : int[1,16]) tag[i] < TR && gclock < TH
Mudel_2_agenti_resolved.xml swarm_query1.q
Symmetry reduction works by identifying parts of the automaton that have equivalent behavior.
During the verification only one representative of the equivalent parts is used.
◦ E.g., in case of an automaton consisting of two identical parts the reduction in state space can be up to 50%.
Construct a bit field that can be used to identify if the current state has been visited.
The hash value of a state is used as the hash array index.
Because the state vector is n*10 to n*100 bytes, the reduction in memory consumption can be up to 98%.
Bit-state hashing (BSH) reduces the accuracy: a state could be mistakenly reported as visited due to a hash collision and is not stored in the hash array.
A state that would break the verification conditions may go unnoticed. However, all reported errors that are found are real error conditions.
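Added example (not from the slides, and not Spin's implementation): a depth-first search over a constructed toy cleaning model, run once with an exact visited set and once with an 8-bit bit field, showing that the bit-field run prunes unvisited states on collisions yet reports only real violations. The model (3 zones, threshold level 3, one robot), the CRC32 hash and all function names are assumptions made for the illustration.

```python
import zlib

N_ZONES, TR = 3, 3   # constructed toy model: 3 zones, threshold level TR = 3

def successors(state):
    """All zones deteriorate by one step; the robot cleans exactly one zone."""
    for z in range(N_ZONES):
        yield tuple(0 if i == z else min(lvl + 1, TR)
                    for i, lvl in enumerate(state))

def violates(state):
    """Negation of the safety property: some zone reached the threshold."""
    return any(lvl >= TR for lvl in state)

def explore(bits=None):
    """Depth-first search from the all-clean state.
    bits=None: exact visited set. bits=m: one bit per hash slot (BSH).
    Returns (explored states, violating states found)."""
    field = bytearray((bits + 7) // 8) if bits else None
    exact = set()

    def seen_before(s):
        if field is None:
            known = s in exact
            exact.add(s)
            return known
        h = zlib.crc32(bytes(s)) % bits          # hash value = bit index
        known = (field[h >> 3] >> (h & 7)) & 1
        field[h >> 3] |= 1 << (h & 7)
        return bool(known)   # True may be a collision, not a real revisit

    # 'explored' keeps full states only so the two runs can be compared.
    explored, errors, stack = set(), set(), [(0,) * N_ZONES]
    while stack:
        s = stack.pop()
        if seen_before(s):
            continue                              # pruned (rightly or not)
        explored.add(s)
        if violates(s):
            errors.add(s)                         # reached by real transitions
        else:
            stack.extend(successors(s))
    return explored, errors

if __name__ == "__main__":
    full, full_err = explore()
    part, part_err = explore(bits=8)
    print(len(full), len(full_err), len(part), len(part_err))
    print("every BSH error is real:", part_err <= full_err)
```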
DFA can reduce the memory requirements 10 but execution time is added.
Instead of a hash table to store visited states, a DFA is constructed to determine if a state has been visited before.
DFA is implemented in Spin.
Since Promela (modelling language of SPIN) does not include the concept of time, time passage has to be simulated indirectly by a global counter.
Hash table reaches a certain level of saturation
Saturation level is reached sooner when symmetry reduction is used.
Increasing the model time horizon by 10% increases the hash table size by 300%.
[Two plots: “Elapsed time” over horizontal-axis values 25 to 34, each with the series “No symmetry” and “Symmetry”]
Proving emerging behavior properties of a swarm based on properties of individuals and their interaction is still an unsolved problem.
Typically, fully distributed symmetric coordination algorithms govern swarm behavior and are the prime target of formal verification.
Applying symmetry reduction, BSH and DFA to model checking (MC) allows the methods to scale up to a certain limit, but that is clearly insufficient for full system analysis.
New abstraction and deduction techniques are needed!
Thank you!