The concept of behaviour-based systems goes back to Brooks [Brooks 91] and has been developed since then by many research groups. Research tasks comprise, among others, the design and modelling of the software structure, the realisation of low-level, real-time tasks as well as complex high-level tasks, the analysis of the system, and the verification of single components as well as the complete system. Approaches for the design and analysis of behaviour-based robots are given in [Matarić 92, Zhang 09, Proetzsch 10a].
Analysis and verification of behaviour-based robotics are not addressed very frequently in current research. Nevertheless, quite a number of papers, some published in the last few years, deal with various problems of this topic. This section discusses the most important examples of current research in the field of analysis and verification of behaviour-based systems that go beyond evaluation by testing.
3.4.1 Formal Verification of BBS
The need to guarantee a certain robot behaviour leads to the investigation of formal verification techniques also in the area of behaviour-based robotics research. Several methods described in Sec. 3.3 have been adapted to the special properties of BBS. [Lamine 02] implement formal verification techniques to analyse the behaviour of robots using the Saphira architecture. Their goal is to find errors in execution sequences, for example an oscillation between the goal-oriented behaviour and the obstacle-avoidance behaviour. The authors propose tools that prove the satisfaction of LTL statements to monitor and plan robot behaviour (Problem 3). [Proetzsch 07] propose an approach using model checking techniques to verify a part of the robot's control system. They model every behavioural component in the synchronous language Quartz [Schneider 09] and verify them using the Averest framework [Schneider 05]. With their approach they were able to verify a number of specifications for the given part of the network. Nevertheless, the large number of states indicates that the approach does not scale well and therefore needs further investigation before it can be applied to larger systems.
Figure 3.8: The MissionLab/VIPARS System Architecture. The mission program as well as models for robot, sensor systems, environment and mission performance criteria are implemented in MissionLab. The mission is translated to the formal input language PARS. VIPARS (Verification in PARS) returns a probabilistic distribution whether the mission will achieve its performance criteria under the given circumstances. (source: [Lyons 15a])
With this problem in mind, the authors of [Lyons 15b] base their verification on an approach that completely avoids state-space combinatorics. They use a process-algebra representation, where the program is mapped to a set of equations over the program variables. The specification (performance criteria) and environmental models can also be described using the process algebra. The result of the verification process is a probability landscape describing the system's performance. Figure 3.8 represents the developed system architecture. The authors state that their method should be transferable to other behaviour-based architectures with small effort but not to other robot control systems, as it is strongly dependent on the modular and concurrent structure of BBS. In [Lyons 15a] the approach is extended to verify the behaviour of multiple robots acting in an environment which can include obstacles.
The described approaches show the complex demands placed on the developer when using formal verification techniques. Not only the software system, but also the robot equipment (e.g. sensors) and the environment (path, obstacles) as well as the requirements on the robot's actions have to be defined and modelled in a formal way. Nevertheless, the results show that this is possible and that the topic is worth investigating further.
3.4.2 Requirements Analysis
The authors of [Zhang 09] propose an approach for the modelling and analysis of the obstacle avoidance behaviour of a robot using object-oriented techniques. They place special emphasis on the representation of the robot's interaction with its environment and propose to use Use-Case-Models (UML) for requirements analysis. Figure 3.9 shows an example use-case model for a behaviour-based robot. The three boxes (objects) at the bottom represent the three behavioural tasks of the robot (detecting, finding path, avoiding obstacles). The environment is modelled as an actor which provides information to the robot and thereby influences the behaviours. Analysis in this concept targets only requirements analysis, in order to have a sound requirements definition as a basis for the following development steps. Unfortunately, the authors say nothing about the process used to identify the requirements, and the use-case model in the example is in some respects incomplete. The authors just state that the environmental influences on the individual objects need to be modelled as well, but give no example.
Figure 3.9: Use case model for requirements analysis (source: [Zhang 09])
[Guo 10] present an approach using fault trees to derive safety and security requirements for behaviour-based systems. Their main goal is to show how the effects of security hazards can influence the safety of a system. To this end, they use several standard safety analysis techniques like FMEA to define the hazards and integrate the events of the security fault tree into the safety fault tree. With their approach they show the applicability of standard techniques to behaviour-based systems, although the given example is quite small.
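The integration of a security fault tree into a safety fault tree can be illustrated with a small evaluator that computes the top-event probability and the minimal cut sets with and without the security subtree. This is an added example, not taken from [Guo 10] or from the original text; the tree structure, event names and probabilities are constructed, and basic events are assumed to be independent and to appear only once.

```python
from dataclasses import dataclass
from itertools import product
from math import prod

@dataclass(frozen=True)
class Basic:
    name: str
    p: float  # constructed probability; basic events assumed independent
    def prob(self):
        return self.p
    def cut_sets(self):
        return [frozenset([self.name])]

@dataclass(frozen=True)
class Gate:
    name: str
    kind: str  # "AND" or "OR"
    inputs: tuple
    def __post_init__(self):
        if self.kind not in ("AND", "OR"):
            raise ValueError(f"unknown gate kind: {self.kind}")
    def prob(self):
        ps = [i.prob() for i in self.inputs]
        if self.kind == "AND":
            return prod(ps)
        return 1.0 - prod(1.0 - p for p in ps)  # OR of independent events
    def cut_sets(self):
        child = [i.cut_sets() for i in self.inputs]
        if self.kind == "OR":
            return [c for sets in child for c in sets]
        # AND: one cut set from every input must occur together
        return [frozenset().union(*combo) for combo in product(*child)]

def security_tree():
    # Constructed security fault tree: forged range readings reach the controller
    return Gate("range data spoofed", "AND", (
        Basic("unauthorised bus access", 0.05),
        Basic("sensor messages unauthenticated", 0.2)))

def safety_tree(with_security):
    # Constructed safety fault tree for the top event "collision with obstacle"
    not_detected = [Basic("range sensor fault", 0.01)]
    if with_security:
        not_detected.append(security_tree())  # security event feeds the safety tree
    return Gate("collision with obstacle", "OR", (
        Gate("obstacle not detected", "OR", tuple(not_detected)),
        Gate("avoidance not executed", "AND", (
            Basic("avoidance behaviour fault", 0.02),
            Basic("watchdog misses fault", 0.1)))))
```

With these constructed values, `safety_tree(False).prob()` is about 0.01198 and `safety_tree(True).prob()` about 0.02186, and the integrated tree gains a cut set consisting only of security events.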
3.4.3 Safety/Security Analysis
[Steiner 12] deal with the topic of analysing the safety and reliability of complex embedded systems depending on their software. The main idea is to model the behaviour-based network as State Event Fault Trees (SEFT), which are a combination of deterministic state machines, Markov chains and Fault Trees. In these state event fault trees, undesired events are selected and the SEFT is translated to a Deterministic and Stochastic Petri Net (DSPN) for a quantitative analysis. With the analysis results the reliability of the system can be measured for the chosen event. The authors provide translation rules for the functional description of the BBS to a state event fault tree. The application is shown on a small network example. They make no assumptions about the scalability of the approach or its application to different problems. The quantitative analysis of this approach is based on probability values assigned to basic events. The determination of these probabilities is not further discussed in the paper. Nevertheless, the idea of using a kind of fault tree to model behaviour-based networks in order to reason about safety and reliability issues seems promising.