R2U2: Tool Overview

Rozier, Kristin Yvonne; Schumann, Johann

doi:10.29007/5pch

Cited by 21 publications

(23 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Specifications are difficult to write for the same reasons as for model checking; further complications include noisiness of sensor data and challenges of real-world environments. Limitations and constraints of embedded systems and certification processes challenge RV implementations, though to date three tools have risen to these real-world-deployment challenges and more are sure to follow [3,196,220]. Of course, violation of certain critial safety properties is not acceptable, even if this is detected.…”

Section: Verification Of Autonomous Software Systemsmentioning

confidence: 99%

Towards a framework for certification of reliable autonomous systems

Fisher

Mascardi

Rozier

et al. 2020

Auton Agent Multi-Agent Syst

Self Cite

View full text Add to dashboard Cite

A computational system is called autonomous if it is able to make its own decisions, or take its own actions, without human supervision or control. The capability and spread of such systems have reached the point where they are beginning to touch much of everyday life. However, regulators grapple with how to deal with autonomous systems, for example how could we certify an Unmanned Aerial System for autonomous use in civilian airspace? We here analyse what is needed in order to provide verified reliable behaviour of an autonomous system, analyse what can be done as the state-of-the-art in automated verification, and propose a roadmap towards developing regulatory guidelines, including articulating challenges to researchers, to engineers, and to regulators. Case studies in seven distinct domains illustrate the article.

show abstract

Section: Verification Of Autonomous Software Systemsmentioning

confidence: 99%

Towards a framework for certification of reliable autonomous systems

Fisher

Mascardi

Rozier

et al. 2020

Auton Agent Multi-Agent Syst

Self Cite

View full text Add to dashboard Cite

show abstract

“…In flight, Robonaut2's configuration system will handle specification loading. R2U2 is realizable, responsive, and unobtrusive [22]; it embeds observers for Robonaut2's symptoms in hardware, returns observer verdicts at the system clock rate, and is adaptable to the highlyconstrained operational environment without affecting existing joint control, respectively. We apply two of R2U2's reasoning layers: signal processing (which processes incoming signals into Boolean atomics) and temporal observation (which evaluates MLTL specifications).…”

Section: Specificationmentioning

confidence: 99%

“…R2U2 allows runtime configuration of the observer specifications, while the size and duration limits of these specifications are design-time parameters. For R2U2 to dynamically reconfigure specifications at runtime (without resynthesis or recertification), we utilize BRAMs for instruction memory, variable memory, and queues; see [22]. Memory requirements are driven by queue depth and timestamp length.…”

Section: Embedding Runtime Verificationmentioning

confidence: 99%

“…RVS is the only other modern hardware RV implementation; its limited expression language only monitors the internal behavior of a real-time operating system and RVS requires resynthesis to change monitored properties [27]. The Realizable Responsive Unobtrusive Unit [22] (R2U2) is the only RV tool that starts an encoding with the resource constraints and then optimizes the verification configuration to reliably detect as many faults as possible, rather than, e.g., starting with runtime monitors and creating resource-consuming implementations. R2U2's online, stream-based, hardware (FPGA) implementation, provable unobtrusiveness, and ability to change monitors without resynthesis fit the R2 project.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Embedding Online Runtime Verification for Fault Disambiguation on Robonaut2

Kempa

Zhang

Jones

et al. 2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Robonaut2 (R2) is a humanoid robot onboard the International Space Station (ISS), performing specialized tasks in collaboration with astronauts. After deployment, R2 developed an unexpected emergent behavior. R2's inability to distinguish between knee-joint faults (e.g., due to sensor drift versus violated environmental assumptions) began triggering safety-preserving freezes-in-place in the confined space of the ISS, preventing further motion until a ground-control operator determines the root-cause and initiates proper corrective action. Runtime verification (RV) algorithms can efficiently disambiguate the temporal signatures of different faults in real-time. However, no previous RV engine can operate within the limited available resources and specialized platform constraints of R2's hardware architecture. An attempt to deploy the only runtime verification engine designed for embedded flight systems, R2U2, failed due to resource constraints. We present a significant redesign of the core R2U2 algorithms to adapt to severe resource and certification constraints and prove their correctness. We further define an optimization enabled by our new algorithms and implement the new version of R2U2. We encode specifications describing real-life faults occurring onboard Robonaut2 using Mission-time Linear Temporal Logic (MLTL) and detail our process of specification debugging, validation, and refinement. We deployed this new version of R2U2 on Robonaut2, demonstrating successful real-time fault disambiguation and mitigation triggering of R2's knee-joint faults without false positives.

show abstract

“…Both discrete-event simulation and runtime verification can be either event-triggered or time-triggered, with event-triggered being the most common, as in next-event simulation. Few RV tools are time-triggered by default (Falcone, Krstić, Reger, and Traytel 2018), with a few notable exception of time-triggered monitors (Rozier and Schumann 2017, Azzopardi, Colombo, Ebejer, Mallia, and Pace 2017, Navabpour, Joshi, Wu, Berkovich, Medhat, Bonakdarpour, and Fischmeister 2013. Importantly, runtime verification tools do not generally represent clocks in the same way as simulations, though we can usually define equivalences, e.g., through counters or reliance on checks of external-to-the-RV-engine system clocks.…”

Section: Computational Model Formatmentioning

confidence: 99%

From Simulation to Runtime Verification and Back: Connecting Single-run Verification Techniques

2019

Annual Simulation Symposium (ANSS 2019)

View full text Add to dashboard Cite

Modern safety-critical systems, such as aircraft and spacecraft, crucially depend on rigorous verification, from design time to runtime. Simulation is a highly-developed, time-honored design-time verification technique, whereas runtime verification is a much younger outgrowth from modern complex systems that both enable embedding analysis on-board and require mission-time verification, e.g., for flight certification. While the attributes of simulation are well-defined, the vocabulary of runtime verification is still being formed; both are active research areas needed to ensure safety and security. This invited paper explores the connections and differences between simulation and runtime verification and poses open research questions regarding how each might be used to advance past bottlenecks in the other. We unify their vocabulary, list their commonalities and contrasts, and examine how their artifacts may be connected to push the state of the art of what we can (safely) fly.

show abstract

R2U2: Tool Overview

Cited by 21 publications

References 18 publications

Towards a framework for certification of reliable autonomous systems

Towards a framework for certification of reliable autonomous systems

Embedding Online Runtime Verification for Fault Disambiguation on Robonaut2

From Simulation to Runtime Verification and Back: Connecting Single-run Verification Techniques

Contact Info

Product

Resources

About