2013 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS) November 3-7, 2013. Tokyo, Japan Temporal Logic Motion Planning in Unknown Environments A. I. Medina Ayala, S. B. Andersson, and C. Belta Abstract— In this paper, we consider a robot motion planning eventually bring them to safe areas. Given that the environ- problem from a specification given as a syntactically co-safe ment is only partially known, the robot will need to gather linear temporal logic formula over a set of properties known information about it in real time and use that while planning to be satisfied at the regions of an unknown environment. The robot is assumed to be equipped with deterministic motion and so as to satisfy the task specification. accurate sensing capabilities. The environment is assumed to The example described above is an instance of the Si- be partitioned into a finite number of identical square cells. By multaneous Localization and Mapping (SLAM) [5] problem. bringing together tools from formal verification, graph theory, Motivated by a wide number of applications that fall into and grid-based exploration, we develop an incremental algo- the SLAM framework, this paper proposes an algorithm that rithm that makes progress towards satisfying the specification while the robot discovers the environment using its local sensors. interleaves the use of formal methods, graph theory and We show that the algorithm is sound and complete. We illustrate classical exploration techniques to solve the path planning the feasibility and effectiveness of our approach through a problem in an unknown environment subject to temporal simulated case study. logic specifications. Specifically, given a known set of labels capturing certain elements of interest that can be discovered I. INTRODUCTION during the robot’s navigation through an unknown environ- ment and a temporal logic formula over this set of labels, The flexibility of model checking and automata game we obtain a trajectory that satisfies the formula. techniques, and the proven expressivity of temporal logics Our approach to solving the planning problem takes ad- allow the use of formal methods to extend the applicability vantage of automata-based model checking [6] and runtime of classical robotics problems. In particular, one of the areas verification techniques [7]. We exploit the automata-based within the robotics community that has greatly benefited model checking framework to find a trajectory satisfying the from the use of formal methods is path planning. Temporal formula given the current information about the environment. logics such as the Computation Tree Logic (CTL) [1], However, the incomplete knowledge of the environment Continuous Stochastic Logic (CSL) [2], Linear Temporal potentially has a negative effect on finding such a trajectory. Logic (LTL) [3], and µ-calculus [4], have been effectively Even though the formula is not yet satisfied, there may exist applied to express complex high-level planning specifica- at least one trajectory that does not violate the formula. tions. Furthermore, the adaptation of existing off-the-shelf We use the runtime verification setting to monitor a set of model checking and automaton based tools makes it possible potential trajectories that lead to unexplored areas of the to automatically generate the solution to the path planning environment and select the path that does not violate the problem from such specifications. formula, provided one exists, and is the most promising in In general, solving the path planning problem by means terms of the satisfaction of the formula. of formal methods requires a priori knowledge of the robot’s Our work is related to the problem of reactive synthesis, workspace. There are many applications, such as in search in which a finite state machine satisfying a desired output and rescue operations, where the robot must deal with an behavior subject to a temporal logic constraint is gener- unknown or partially known environment. Despite this lack ated regardless of the input applied [8]. In particular, [9] of knowledge, the robot may be required to plan a strategy presents an approach to automatically synthesize a hybrid that fulfills certain requirements based on the mission at controller that guarantees a user-defined specification while hand. Consider, for instance, a robot deployed in a building exploring a partially known environment. As new regions after an earthquake. Prior information about the building of the environment are detected, the specification is rewrit- may be available in the form of, for example, a blueprint, ten and re-synthesized. Related work includes also [10], but the disaster is likely to have significantly altered the which considers the synthesis of controllers in environments environment. The task given to the robot could be to look with uncertain, but fixed structure. By locally modifying a for survivors, guide them while avoiding unsafe areas, and nominal plan if it fails, the controller is able to deal with unexpected changes in the environment. These works are This work is partially supported at Boston University by the NSF under restricted to the class of Generalized Reactivity (GR)(1) grants CNS-1035588 and CMMI-0928776, and the ONR MURI under grant N00014-09-1051. formulas [11]. Unlike these approaches, in this work we use Medina Ayala is with the Department of Mechanical Engineering, An- syntactically co-safe LTL formulas to express the mission dersson and Belta are with the Department of Mechanical Engineering and specifications. Syntactically co-safe LTL formulas not only the Division of Systems Engineering, Boston University, MA, USA, E-mail: [email protected], [email protected], [email protected] describe finite horizon specifications, expressing a wide A. Medina Ayala is the corresponding author. spectrum of high-level robotic missions, but also belong to 978-1-4673-6358-7/13/$31.00 ©2013 IEEE 5279 the class of languages that are monitorable [12]. Model checking on the TS T for an scLTL formula φ can Other related work includes [13] where the control syn- be conducted by the parallel composition between T and a thesis problem on a graph is constrained to maximize the DFA A that accepts all runs satisfying φ. accumulated reward locally while satisfying an LTL mission Definition 4. Given a TS T = (S; s ; ∆; w; Π; l) and a DFA specification. In order to solve this problem, a receding 0 A = (Q; q ; Σ; δ; F ), their weighted product automaton is a horizon controller is devised to guarantee the fulfillment of 0 DFA AP = (Q ; q ; δ ; w ;F ), where Q = S×Q is the the specification in infinite time. Even though this work P P 0 P P P P set of states, q = (s ; q ) is the initial state, δ ⊆ Q ×Q can locally synthesize a control strategy while satisfying P 0 0 0 P P P is the set of transitions defined by ((s; q); (s0; q0)) 2 δ if and the specification, it still requires knowledge of the graph P 0 l(s) 0 representing the workspace a priori. In contrast, our ap- only if s !T s and q −−!A q , wP : QP × QP ! N is a proach incrementally builds the transition system describing weight function such that wP ((si; qk); (sj ; ql)) = w(si; sj ), the motion of the robot while exploring the environment to where (sj ; ql) 2 δP ((si; qk)), and FP = S × F is the set of find a path satisfying a given specification. final states. An accepting run τ = (s ; q ) ::: (s ; q ) of AP de- II. PRELIMINARIES P 0 0 n n fines an accepting run q0 : : : qn of A over the input word Definition 1. A weighted finite deterministic transition sys- l(s0) : : : l(sn−1). tem (TS) is a tuple T = (S; s0; ∆; w; Π; l) where S is a finite For a DFA A, let A(q) be an identical DFA except for the set of states, s0 2 S is the initial state, ∆ ⊆ S × S is the set initial state, which is redefined in A(q) as q0 = q. Let φ be Σ φ φ φ φ φ of transitions, w : ∆ ! N is a weight function that assigns a an scLTL formula over 2 , and let A = (Q ; q0 ; Σ; δ ;F ) positive value to each transition, Π is a set of observations, be the DFA accepting all the words satisfying φ; i.e., Π :φ :φ :φ :φ :φ and l : S ! 2 is the labeling map. L(φ). Also, let A = (Q ; q0 ; Σ; δ ;F ) be the DFA ∗ 0 0 accepting all the words falsifying φ; i.e., L(:φ). Let u 2 Σ For convenience of notation, we use s !T s if (s; s ) 2 ! ∆. A finite trajectory of a TS is a finite sequence τ = be a finite word. u is a good prefix for φ if 8σ 2 Σ , s s : : : s , where s ! s for all 0 ≤ k ≤ n − 1. The uσ 2 L(φ). On the other hand, u is a bad prefix for φ if 0 1 n k T k+1 8σ 2 Σ!, uσ 2 L(:φ). Furthermore, u is an inconclusive finite trajectory τ generates a finite word π = π0π1 : : : πn, ! where π = l(s ) for all k = 0; : : : n. prefix for φ if and only if for all 8σ 2 Σ , uσ is neither a k k good nor a bad prefix. Definition 2. [14]. A syntactically co-safe LTL (scLTL) A monitor is obtained by defining a Finite State Machine formula over a set of atomic propositions Σ is inductively (FSM) constructed as follows. For the automaton Aφ, the defined as follows: function F φ : Qφ ! B (with B = f>; ?g) is defined. The set F φ(q) = > if and only if L(Aφ(q)) 6= ;; a state q evaluates Φ ::= σ j :σ j Φ _ Φ j Φ ^ Φ j X Φ j Φ U Φj F Φ to > if and only if the language of the automaton starting in φ ^φ φ φ φ ^φ where σ 2 Σ is an atomic proposition, : (negation), _ state q is not empty.