A Compositional Approach to Verifying Modular Robotic Systems

Matt Luckcuck, Marie Farrell, Angelo Ferrando, Rafael C. Cardoso, Louise A. Dennis, Michael Fisher
2023-12-01
Abstract: Robotic systems used in safety-critical industrial situations often rely on modular software architectures, and increasingly include autonomous components. Verifying that these modular robotic systems behave as expected requires approaches that can cope with, and preferably take advantage of, this inherent modularity. This paper describes a compositional approach to specifying the nodes in robotic systems built using the Robotic Operating System (ROS), where each node is specified using First-Order Logic (FOL) assume-guarantee contracts that link the specification to the ROS implementation. We introduce inference rules that facilitate the composition of these node-level contracts to derive system-level properties. We also present a novel Domain-Specific Language, the ROS Contract Language (RCL), which captures a node's FOL specification and links this contract to its implementation. RCL contracts can be automatically translated, by our tool Vanda, into executable monitors, which we use to verify the contracts at runtime. We illustrate our approach through the specification and verification of an autonomous rover engaged in the remote inspection of a nuclear site, and finish with smaller examples that illustrate other useful features of our framework.
Logic in Computer Science, Software Engineering
### What problems does this paper attempt to solve?

This paper addresses the verification of modular robot systems, in particular ROS-based systems, in safety-critical settings. As the complexity and autonomy of robot systems increase, it becomes crucial to ensure that they behave as expected. Specifically, the paper tackles the following key problems:

1. **Modular and Heterogeneous Verification**
   - The paper proposes a compositional method for verifying modular robot systems built on the Robot Operating System (ROS). Each node can be verified individually, using different verification techniques, while the correctness of the whole system is still established.
   - The core research question is: **can a compositional and heterogeneous method be used to verify ROS-based systems?**
2. **Assume-Guarantee Contracts**
   - To achieve this, the authors introduce assume-guarantee contracts based on first-order logic (FOL) to describe the behaviour of each node. These contracts define the pre-conditions and post-conditions of the nodes, so that each module's behaviour can be checked against expectations.
   - The contracts are combined through inference rules to derive system-level properties.
3. **Automated Synthesis of Runtime Monitors**
   - The paper presents a toolchain that automatically generates runtime monitors from these contracts. The monitors check, while the system runs, whether nodes comply with their contracts, providing a safety net that the system meets its requirements.
4. **Integration of Formal Specifications with Existing Systems**
   - The method allows formal specifications to be introduced into existing ROS systems, so they can be formally verified without being redesigned from scratch.
5. **Coping with Complexity and Dynamic Environments**
   - As robot systems become more complex and operate in dynamic environments, traditional verification methods struggle to meet the requirements. The proposed method copes better with this complexity and dynamism, helping to ensure that the system operates correctly across a range of situations.

### Method Overview

The method proposed in the paper consists of the following steps:

1. **Abstracting the ROS Graph to a System Model**: abstract the ROS graph into a more manageable system model, which may involve merging several nodes or removing nodes known to be reliable.
2. **Writing RCL Contracts**: use the ROS Contract Language (RCL) to write a contract for each node, describing its inputs, outputs, and the pre- and post-conditions of its behaviour.
3. **Reasoning about Contracts with the Calculus**: use the inference rules to combine node contracts, derive system-level properties, and check the validity of the contracts.
4. **Heterogeneous Verification**: verify the nodes with several verification methods, ensuring that each node complies with its contract.
5. **Automatically Generating Runtime Monitors**: generate runtime monitors from the RCL contracts so that the system's compliance with the contracts is checked at runtime.

Through this method, the paper provides an effective framework for verifying complex modular robot systems, ensuring their reliability and correctness in safety-critical scenarios.
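As an added illustration of the contract, composition and monitoring steps above (not the paper's RCL notation, its inference rules or the Vanda tool), the following Python sketch encodes assume-guarantee contracts for two constructed rover nodes, composes them sequentially under a side condition checked over sample states rather than proved, and runs a monitor over a constructed message trace. The node names, predicates and messages are all assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, Iterable, List
State = Dict[str, Any]  # one snapshot of the messages a node consumes/publishes

@dataclass(frozen=True)
class Contract:
    node: str
    assume: Callable[[State], bool]     # what the node requires of its inputs
    guarantee: Callable[[State], bool]  # what the node promises about its outputs

def side_condition_holds(up: Contract, down: Contract, states: Iterable[State]) -> bool:
    """Every state meeting up's guarantee must meet down's assumption.
    Checked over a finite set of states here, not proved (constructed rule)."""
    return all(down.assume(s) for s in states if up.guarantee(s))

def compose_sequential(up: Contract, down: Contract, states: Iterable[State]) -> Contract:
    """Sequential composition: `up` publishes what `down` consumes. The composite
    assumes up's assumption and guarantees both nodes' guarantees."""
    if not side_condition_holds(up, down, states):
        raise ValueError(f"{up.node} does not establish {down.node}'s assumption")
    return Contract(f"{up.node}>>{down.node}", up.assume,
                    lambda s: up.guarantee(s) and down.guarantee(s))

def verdict(contract: Contract, s: State) -> str:
    """Runtime check of one message. A failed assumption blames the environment;
    a failed guarantee (with the assumption met) blames the node."""
    if not contract.assume(s):
        return "assumption_violated"
    return "ok" if contract.guarantee(s) else "guarantee_violated"

def monitor(contract: Contract, trace: Iterable[State]) -> List[str]:
    return [verdict(contract, s) for s in trace]

# Constructed rover nodes: the sensor publishes a non-negative dose rate; the
# planner consumes it and must order a retreat once it exceeds LIMIT.
LIMIT = 5.0
SENSOR = Contract("radiation_sensor", assume=lambda s: s["powered"],
                  guarantee=lambda s: s["dose"] >= 0.0)
PLANNER = Contract("planner", assume=lambda s: s["dose"] >= 0.0,
                   guarantee=lambda s: s["dose"] <= LIMIT or s["cmd"] == "retreat")
SAMPLE_TRACE = [  # constructed messages, not recorded rover data
    {"powered": True, "dose": 0.0, "cmd": "advance"},
    {"powered": True, "dose": 7.5, "cmd": "retreat"},
    {"powered": True, "dose": 7.5, "cmd": "advance"},    # planner breaks its guarantee
    {"powered": False, "dose": -1.0, "cmd": "advance"},  # unpowered: assumption fails
]

def rover_verdicts() -> List[str]:
    return monitor(compose_sequential(SENSOR, PLANNER, SAMPLE_TRACE), SAMPLE_TRACE)
```

The monitor distinguishes an environment that breaks the system's assumption from a node that breaks its own guarantee, which is the information a runtime safety net needs in order to attribute a violation.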