![Page 1: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/1.jpg)
ROSCoq: Robots powered by constructive reals
Abhishek Anand(joint work with Ross Knepper)
March 28, 2015
![Page 2: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/2.jpg)
Goals
Collaborating Robots
I Write robotic programs in Coq
I “Run” them on actual robots using a shim:
I Specify the behavior of the shim, physics, and hardware in a realisticway
I develop Coq proofs of properties about the overall behavior
![Page 3: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/3.jpg)
Goals
I Write robotic programs in Coq
I “Run” them on actual robots using a shim:
I Specify the behavior of the shim, physics, and hardware in a realisticway
I develop Coq proofs of properties about the overall behavior
![Page 4: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/4.jpg)
Goals
I Write robotic programs in Coq
I “Run” them on actual robots using a shim:
I Specify the behavior of the shim, physics, and hardware in a realisticway
I develop Coq proofs of properties about the overall behavior
![Page 5: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/5.jpg)
Goals
I Write robotic programs in Coq
I “Run” them on actual robots using a shim:
I Specify the behavior of the shim, physics, and hardware in a realisticway
I develop Coq proofs of properties about the overall behavior
![Page 6: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/6.jpg)
Goals
I Write robotic programs in Coq
I “Run” them on actual robots using a shim:
I Specify the behavior of the shim, physics, and hardware in a realisticway
I develop Coq proofs of properties about the overall behavior
![Page 7: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/7.jpg)
Convergence of ideas
ROSCoq
RobotOperating
System (ROS)
Logic ofEvents (LoE)
Constructivereal analysis
Nicolas Schiper, Vincent Rahli, Robbert Van Renesse, Marck Bickford,and Robert L. Constable. “Developing correctly replicated databasesusing formal tools”. In: DSN. IEEE, 2014, pp. 395–406
![Page 8: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/8.jpg)
Convergence of ideas
ROSCoq
RobotOperating
System (ROS)
Logic ofEvents (LoE)
Constructivereal analysis
Morgan Quigley, Ken Conley, Brian Gerkey, Josh Faust, Tully Foote,Jeremy Leibs, Rob Wheeler, and Andrew Y. Ng. “ROS: an open-sourceRobot Operating System”. In: ICRA workshop on open source software.Vol. 3. 2009, p. 5
![Page 9: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/9.jpg)
Convergence of ideas
ROSCoq
RobotOperating
System (ROS)
Logic ofEvents (LoE)
Constructivereal analysis
![Page 10: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/10.jpg)
Convergence of ideas
ROSCoq
RobotOperating
System (ROS)
Logic ofEvents (LoE)
Constructivereal analysis
Robbert Krebbers and Bas Spitters. “Type classes for efficient exact realarithmetic in Coq”. In: LMCS 9.1 (Feb. 14, 2013)
Errett Bishop. Foundations of constructive analysis. McGraw-Hill, 1967.394 pp.
![Page 11: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/11.jpg)
The Logic of Events framework
λ s m. . . . λ s m. . . . λ s m. . . .
![Page 12: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/12.jpg)
The Logic of Events framework
λ s m. . . . λ s m. . . . λ s m. . . .
![Page 13: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/13.jpg)
The Logic of Events framework
λ s m. . . . λ s m. . . . λ s m. . . .
![Page 14: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/14.jpg)
The Logic of Events framework
λ s m. . . . λ s m. . . . λ s m. . . .
![Page 15: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/15.jpg)
The Logic of Events framework
λ s m. . . . λ s m. . . . λ s m. . . .
![Page 16: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/16.jpg)
The Logic of Events framework
λ s m. . . . λ s m. . . . λ s m. . . .
![Page 17: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/17.jpg)
ROS : Even single robots are distributed systems
I Based on asynchronous message passing
I Very popular, drivers (as DS agents) available for many robots 1
I 2 https://www.youtube.com/watch?v=rc0vdqjCsBg#t=72
1http://wiki.ros.org/Robots2Abhishek Anand, Hema Swetha Koppula, Thorsten Joachims, and
Ashutosh Saxena. “Contextually guided semantic labeling and search forthree-dimensional point clouds”. In: IJRR (2012).
![Page 18: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/18.jpg)
Architecture of the keyboard finding robot
I Even a single robot looks like a distributed system.
I Some agents (a.k.a nodes in ROS) need to be specified axiomatically.
I Need to model physics.
![Page 19: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/19.jpg)
Architecture of the keyboard finding robot
I Even a single robot looks like a distributed system.
I Some agents (a.k.a nodes in ROS) need to be specified axiomatically.
I Need to model physics.
![Page 20: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/20.jpg)
Architecture of the keyboard finding robot
I Even a single robot looks like a distributed system.
I Some agents (a.k.a nodes in ROS) need to be specified axiomatically.
I Need to model physics.
![Page 21: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/21.jpg)
Architecture of the keyboard finding robot
I Even a single robot looks like a distributed system.
I Some agents (a.k.a nodes in ROS) need to be specified axiomatically.
I Need to model physics.
![Page 22: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/22.jpg)
How to Specify a CPS in ROSCoq
I Define the physical model as a Coq type
I Define the collection of agents
I Specify the behavior of each agentI S/w agent : Coq programI H/w agent : . . .
![Page 23: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/23.jpg)
Running Example
![Page 25: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/25.jpg)
Physical Model of a CPS
Describes how relevant physical quantities evolve over time
![Page 26: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/26.jpg)
Physical Model of a CPS
Describes how relevant physical quantities evolve over time
Record Cart2D (T : Type) : Type := {X : T ; Y: T}.Record iCreate : Type := {position : Cart2D (Time →C R);theta : (Time →C R);
![Page 27: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/27.jpg)
Physical Model of a CPS
Describes how relevant physical quantities evolve over time
Record iCreate : Type := {position : Cart2D (Time →C R);theta : (Time →C R);linVel : (Time →C R);omega : (Time →C R);
derivRot : isDerivativeOf omega theta;derivX : isDerivativeOf (linVel ∗ ( FCos theta)) (X position);derivY : isDerivativeOf (linVel ∗ ( FSin theta)) (Y position);
![Page 28: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/28.jpg)
Semantics of Agents
![Page 29: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/29.jpg)
Semantics of Agents
![Page 30: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/30.jpg)
Semantics of Agents
I PhysModelType → (N → option Event) → Prop
I iCreate → (N → option Event) → Prop
![Page 31: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/31.jpg)
Semantics of Agents
I Can handle non-determinstic devices
I Uniform treatment of both sending and actuation devices
![Page 32: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/32.jpg)
Specification of an iCreate (hardware agent)
Definition HwAgent (ic: iCreate) (evs : nat → option Event): Prop :=onlyRecvEvts evs ∧ ∀ t: QTime,let (lastCmd , tm ) := latestVelPayloadAndTime evs t in
let a : Q := rad (lastCmd) in
let b : Q := θ (lastCmd) in ∃ tr : QTime, (tm ≤ tr ≤ tm + reacTime)∧ (∀ t’ : QTime, (tm ≤ t’ ≤ tr)
→ ( Min ({linVel ic} tm) (a - εv a b)≤ {linVel ic} t’ ≤ Max ({linVel ic} tm) (a+ εv a b)))
∧ (∀ t’ : QTime, (tr ≤ t’ ≤ t) → |{linVel ic} t’ - a | ≤ εv a b )
Time
linVel ic
tm tr
a εv a b
{|v := a;w := b|}
![Page 33: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/33.jpg)
Software Agents
S → Message → (S × list Message).
SwSemantics : (S → Message → (S × list Message)) →(PhysModelType → (N → option Event) → Prop)
![Page 34: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/34.jpg)
Software Agents
S → Message → (S × list Message).
SwSemantics : (S → Message → (S × list Message)) →(PhysModelType → (N → option Event) → Prop)
![Page 35: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/35.jpg)
Software Agents
S → Message → (S × list Message).
SwSemantics : (S → Message → (S × list Message)) →(PhysModelType → (N → option Event) → Prop)
![Page 36: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/36.jpg)
Constructive Reals
r : Q+ → Q
r ε
≤ ε
r
+ : λr1 r2 ε .(r1ε2 + r2
ε2 )
magic of higher order functions
![Page 37: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/37.jpg)
Constructive Reals
r : Q+ → Q
r ε
≤ ε
r
+ : λr1 r2 ε .(r1ε2 + r2
ε2 )
magic of higher order functions
![Page 38: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/38.jpg)
Constructive Reals
r : Q+ → Q
r ε
≤ ε
r
+ : λr1 r2 ε .(r1ε2 + r2
ε2 )
magic of higher order functions
![Page 39: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/39.jpg)
The Program in our running example
Definition robotPureProgam (target : Cart2D Q) : list (Q × Polar2D Q) :=let polarTarget : Polar2D R := Cart2Polar target in
let rotDuration : R := | θ polarTarget | / rotspeed in
let translDuration : R := (rad polarTarget) / speed in
[ (0,{| rad:= 0 ; θ := ( polarθSign target ) * rotspeed |}); ( tapprox rotDuration delRes delEps , {| rad := 0 ; θ := 0 |}); (delay , {| rad := speed ; θ := 0 |}); ( tapprox translDuration delRes delEps , {| rad := 0 ; θ := 0 |}) ].
![Page 40: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/40.jpg)
The Program in our running example
Definition robotPureProgam (target : Cart2D Q) : list (Q × Polar2D Q) :=let polarTarget : Polar2D R := Cart2Polar target in
let rotDuration : R := | θ polarTarget | / rotspeed in
let translDuration : R := (rad polarTarget) / speed in
[ (0,{| rad:= 0 ; θ := ( polarθSign target ) * rotspeed |}); ( tapprox rotDuration delRes delEps , {| rad := 0 ; θ := 0 |}); (delay , {| rad := speed ; θ := 0 |}); ( tapprox translDuration delRes delEps , {| rad := 0 ; θ := 0 |}) ].
tapprox r delRes delEps is a rational of the form ...delRes
| tapprox r delRes delEps - r | ≤ 1+2∗delEps2∗delRes
![Page 41: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/41.jpg)
Recap: How to Specify a CPS in ROSCoq
I Define the physical model as a Coq type
I Define the collection of agents
I Specify the behavior of each agentI S/w agent : Coq message handlerI H/w agent : Coq relation
![Page 42: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/42.jpg)
Proved Property
X
Y
Y’
X’
idealθ
Definition ErrY’: R := (εv 0 w) * ( reacTime + Ev01TimeGapUB)+ (Sin (θErrTrans + θErrTurn)) * ( | target | + speed*timeErr
+ Ev23TimeGapUB * (εv speed 0) )
.
![Page 43: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/43.jpg)
Experiments
target actual video linkX Y X Y-1 1 -1.06 0.94 vid1-1 -1 -1.02 -0.99 vid21 1 1.05 0.94 vid3
![Page 44: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/44.jpg)
Advantages
I Our programs can be directly run on robots.
I Our reasoning explicitly accounts for physical imperfections, andcomputational accuracies
![Page 45: ROSCoq: Robots powered by constructive realsaa755/ROSCoq/CMUMarch26.pdf · Robot Operating System (ROS) Logic of Events (LoE) Constructive real analysis Morgan Quigley, Ken Conley,](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0b62da7e708231d4304361/html5/thumbnails/45.jpg)
Limitations
I Probabilistic reasoningI specification of an ML based car detectorI guarantees of a car using that
I No pre-emption