Formal Modeling and Verification of Publisher-Subscriber Paradigm in ROS 2

TL;DR

This paper introduces a formal framework for modeling and verifying the correctness of ROS 2 publisher-subscriber programs using timed automata, enhancing safety guarantees in real-time robotic systems.

Contribution

It presents a novel formal modeling approach for ROS 2 programs and proves the equivalence of execution sets between the program and the automata model.

Findings

Successful modeling of ROS 2 programs with timed automata

Validation through experiments on real robotic systems

Discussion of the approach's limitations and applicability

Abstract

The Robot Operating System (ROS) is one of the most popular middleware for developing robot applications, but it is subject to major shortcomings when applied to real-time robotic systems in safety-critical environments. For this reason, ROS 2 was released in 2017 for implementing real-time capabilities in distributed robotic systems while supporting the most prominent aspects of the original ROS. There is still not much work done to provide formal guarantees and correctness of a ROS program. In this paper, we propose a framework to address this challenging problem of guaranteeing the correct behaviour of robotic systems. We propose a formal modelling of a ROS 2 program, and also describe the program using a network of timed automata. We then prove that the sets of executions of a ROS program in the model and in the network of timed automata are the same. Thus to analyze a publisher-subscriber scenario of ROS 2 program, our algorithm first converts the program into the model, and then into the network of timed automata. The applicability and validity of our approach are verified by conducting several experiments on a simplified system and an actual robotic system, and the results and limitations are discussed.