Changing the way the world does

software

EMERGENT BEHAVIOUR

Illustrating emergence throughJohn Conway’s Game of Life

• For a space that is populated

– Each cell with 1 or 0 neighbours dies, as if by solitude

– Each cell with 4 or more neighbours dies, as if by overpopulation

– Each cell with 2 or 3 neighbours survives

• For a space that is unpopulated

– Each cell with 3 neighbours becomes populated

Single Cell

Single Cell dies

Evolution of 3 Cells

1 2 3

Evolution of 3 Cells

4

1 2 3

5

Evolution of 3 Cells

4

1 2 3

5

Emergent Behaviour

Generation 10 Generation 0 Generation 5

Generation 20

Generation 15

Generation 26 Generation 27 Generation 28

Generation 29

Advantages of a Swarm Approach - 1

• Flexible

• Robust

– Tasks are completed even if some agents fail.

• Scalable

– From a few agents to many.

• Decentralized

– There is no central control.

Advantages of a Swarm Approach - 2

• Self-organized

– The solutions are emergent.

• Adaptation

– The swarm system can not only adjust to predetermined stimuli but also to new stimuli.

• Parallelism

– Agents' operations are inherently parallel.

ASSURING SWARMS

Technologies Used

SoftwareRequirements

Kapture®

SoftwareDesign

English

Simulink®

Modelworks®

Review

Kapture: English syntax with formal semantics

Modelworks: Gives formal semantics to Simulink

Motivation for Our Tools: DO-178C

• At Section 4.4, Software Life Cycle Environment Planning:

– “The basic principle is to choose requirements development and design methods, tools, and programming languages that limit the opportunity for introducing errors, and verification methods that ensure that errors introduced are detected

Effort per Model - PICASSOS

~80%

~60%~60%~70%

~80%

~80%

Blind seeded with 48 errorsModelworks found 49 errors

VERIFICATION OF ALPHA AND BETA SWARM ALGORITHMS (BASED ON COLLECTION OF AUTONOMOUS SEA VESSELS)

Screenshot of Multiple Definitions in Kapture

Becomes Disconnected

Example of intermediate language generated from Kapture

Results

• Revealed flaw in alpha algorithm in a tenth of a time of published results, verified beta algorithm and explored fault tolerance.

• Demonstrated that requirements for an individual’s contribution to a swarm could be: – captured in a comprehensible template language with a

formal semantics that has a natural language description;– used as a specification to verify a low level design (i.e. can

be directly coded from) in Simulink and Stateflow;– And the swarm property was automatically verified from

the requirements of the individual.

• As opposed to academic approaches…

Panagiotis Kouvaros and Alessio Lomuscio. Verifying Emergent Properties of SwarmsProceedings of the Twenty-Fourth International Joint Conference on Artificial Intelligence (IJCAI 2015)

Recent Work

• Investigating compositional framework for swarms that guarantee desired swarm properties, no matter what the size of the swarm.– Developing a protocol method to guarantee swarm property as

swarm increases.

• Evaluating approach using swarm algorithm from which desired geometric shapes emerge from individual robot/drone behaviour.– Such a shape could be used to present a decoy to an adversary.

• The swarm algorithm has been incorporated into a Simulink and Stateflow design for a verified collision avoidance system for a BVLOS aircraft.

BVLOS ASIDE FOR INDIVIDUAL AIRCRAFT

Basic BVLOS Collision AviodanceVignette

Collision Avoidance Case Study

Pathological Vignette

30

BACK TO SWARMING

Overhead images*, order is left to right

Column formation

Wedge formation

Line formation

Diamond formation

*Images from A General Algorithm for Robot Formations UsingLocal Sensing and Minimal CommunicationJakob Fredslund, Maja J Mataric

Verification

• Expressed the requirements for the algorithm using the D-RisQ Kapture tool.

• Formally verified requirements for the algorithm against a specification of the desired shape moving through 3-D space.

• Formally verified the Simulink/Stateflowdesign against the individual requirements of the algorithm.

Follower: keep in formation

Conductor: listen to navigator

Entity architecture

Conductor?

BVLOS subsystem Navigator

• Go to waypoint

• Avoid collision