Control of Mobile Robots Using Barrier Functions Under Temporal Logic Specifications
JJOURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 1
Control of Mobile Robots Using Barrier FunctionsUnder Temporal Logic Specifications
Mohit Srinivasan,
Student Member, IEEE , and Samuel Coogan,
Member, IEEE
Abstract —In this paper, we propose a framework for thecontrol of mobile robots subject to temporal logic specificationsusing barrier functions. Complex task specifications can be con-veniently encoded using linear temporal logic. In particular, weconsider a fragment of linear temporal logic which encompasses alarge class of motion planning specifications for a robotic system.Control barrier functions have recently emerged as a convenienttool to guarantee reachability and safety for a system. In addition,they can be encoded as affine constraints in a quadratic program.In this paper, a fully automatic framework which translatesa user defined specification in temporal logic to a sequenceof barrier function based quadratic programs is presented.In addition, with the aim of alleviating infeasibility scenarios,we propose methods for composition of barrier functions aswell as a prioritization based control method to guaranteefeasibility of the controller. We prove that the resulting systemtrajectory synthesized by the proposed controller satisfies thegiven specification. Robotic simulation and experimental resultsare provided in addition to the theoretical framework.
Index Terms —Control Barrier Functions, Linear TemporalLogic, Mobile Robots, Quadratic Programs.
I. I
NTRODUCTION
System specifications to be satisfied by mobile roboticsystems are increasing in complexity. For example, motionplanning for systems such as robotic manipulators [1], personalassistants [2], and quadrotors [3] involves complex specifica-tions to be satisfied by the system. Safety critical systemssuch as the power grid [4] and automation floors [5] relyon distributed controllers in order to function in the desiredmanner. These controllers are again tasked with satisfyingcomplex specifications. Hence, failure of these controllers canlead to a collapse of the safety critical infrastructure [6]. Tothat end, synthesizing controllers with formal guarantees ontheir correct functioning is of key importance.In this paper, we present a control architecture for thecontrol of mobile robotic systems subject to linear temporallogic specifications using control barrier functions, whichaddresses some of the challenges in the previously discussedapplications. In particular, we address the issue of situationswhere proposed methods in existing literature can render thecontroller infeasible. With the synthesis of the controller, we
This work was supported in part by DARPA under Grant N66001-17-2-4059 and the National Science Foundation under Grant 1749357Mohit Srinivasan is with the School of Electrical and Computer Engineer-ing, Georgia Institute of Technology, Atlanta, Georgia 30332 USA (e-mail:[email protected]).Samuel Coogan is with the School of Electrical and Computer Engineeringand the School of Civil and Environmental Engineering, Georgia Institute ofTechnology, Atlanta, Georgia 30332 (email: [email protected])Manuscript received month day, 20xx; revised month day, 20xx. then shift focus towards providing formal guarantees regardingthe proposed controller framework. In particular, we provethat the system trajectory generated by the proposed controllersatisfies the given specification.
A. Background
Barrier functions were first introduced in optimization. Ahistorical account of their use can be found in Chapter 3 in[7]. Usage of barrier functions is now common throughout thecontrol, verification and robotics literature due to their naturalrelationship with Lyapunov-like functions. Control barrierfunction (CBF) based quadratic programs (QPs) were firstused in [8], [9] in the context of automotive applications suchas adaptive cruise control (ACC). Recently, control barrierfunctions have been used in the context of multi-agent systemsto guarantee collision avoidance between robots [3], [10],[11]. Given a minimum distance to be maintained between therobots, the safety set is encoded as the super zero level set of azeroing control barrier function (ZCBF) [9]. The authors thenuse a QP based controller with the ZCBFs as affine constraintsin order to guarantee forward invariance of this safety set. Thisin turn implies that the robots never collide. Such a frameworkhas also been applied to quadrotors [3] where the safety set isconsidered to be a super ellipsoid which allows quadrotors toavoid collisions with each other.ZCBFs guarantee asymptotic convergence to desired sets[9]. However, since we focus on motion planning specifica-tions, we require finite time reachability guarantees. Recently,[12], [13] have introduced finite time control barrier functionsfor finite time reachability specifications. In [12], finite timebarrier functions were used to achieve smooth transitionsbetween different behaviors in a multi-agent system. The keyobjective in [12] was to ensure composability of differentformation behaviors by making sure that the multi-agent com-munication graph is appropriate for the next desired formation,whereas in [13], a method for the composition of multiplefinite time barrier functions was introduced. Barrier functionshave also been introduced in hybrid systems theory [14] toguarantee forward invariance of hybrid inclusions.Finite and infinite horizon specifications which are usefulfor mobile robotic systems can be conveniently encoded usinglinear temporal logic (LTL). The power of LTL originates fromthe wealth of tools available in the model checking literature[15] which allows for generating trajectories for the robotsgiven a specification in temporal logic. LTL based control ofrobotic systems has been well studied and standard methodsfirst create a finite abstraction of the original dynamical system a r X i v : . [ c s . R O ] M a r OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 2 [16], [17], [18], [19]. This abstraction can informally beviewed as a labeled graph that represents possible behaviors ofthe system. Given such a finite abstraction, controllers can beautomatically constructed using an automata-based approach[18], [15], [20], [21]. However, abstracting the state spaceis computationally expensive especially with complex systemdynamics and specifications.In our framework, we avoid the difficulties associated withcomputation of any automaton from the specification or adiscretization of the state space. Since CBFs can be conve-niently encoded within a QP, the controller is amenable toreal time implementations without the need for an abstractionof the state space or the system dynamics. Other authors haveexplored discretization free techniques as well. The authors in[22] discuss the use of time varying control barrier functionsfor signal temporal logic tasks (STL). In [23], the authors usetime-varying barrier functions for control of coupled multi-agent systems subject to STL tasks. In both [22] and [23], theauthors do not allow for repetitive tasks, a specification whichcan be captured by our proposed framework. The authorsin [24], [25], [26] discuss control methods for STL tasks.However, the methods proposed result in computationallyexpensive mixed integer linear programs. Control methods inthe discrete time non-deterministic setting have been exploredby [27]. Learning based frameworks are discussed by theauthors in [28], [29], [30]. Control techniques for continuous-time multi-agent systems given fragment of STL tasks hasbeen presented in [31]. The authors in [32] discuss a similarcontinuous time method. However, a non-convex optimizationproblem may have to be solved.
B. Contributions
There are two primary contributions of this work. First,we propose a barrier function based controller framework tosynthesize system trajectories that satisfy a given user definedspecification. In particular, the proposed framework automat-ically translates the user defined specification formalized in asubset of linear temporal logic (LTL) to a sequence of barrierfunction based quadratic programs. The approach adopted inthis paper is a discretization free approach which alleviatessome of the computational issues arising from abstractionbased control of mobile robots [16], [17], [18], [19], [20], [21].Then, we provide formal guarantees that the proposed con-troller framework produces a system trajectory that satisfies thegiven specification. The proposed family of LTL specificationsin our work can capture more complex specifications than thefragment considered in [22], [23]. In addition, our guaranteesare different from other papers on temporal logic based controlusing barrier functions [22], [23] in that we characterize thefamily of trajectories that satisfy the given specification, andthen prove that the proposed controller indeed produces atrajectory that belongs to the set of satisfying trajectories. Thetrajectory generated by the proposed CBF based controller isanalyzed and the guarantees of CBFs translate to guaranteeson the system trajectory.Second, we address the issue of controller infeasibility forboth reachability and safety objectives, a common difficulty in CBF based real-time control [33], [34]. We first illustratea scenario where the method of encoding multiple finitetime reachability objectives individually in a CBF based QPframework—as proposed in, e.g. , [12]—fails. This is becauseencoding each reachability specification as a separate con-straint in the QP is restrictive when the reachability objectiveis defined by multiple CBFs. We instead propose a methodto compose multiple finite time control barrier functions as asingle QP constraint which results in a larger feasible set whileretaining the same guarantees as those established in [12].Next, we consider the case when some safety specifications(captured using ZCBFs) are in conflict with others and proposea prioritization scheme, similar to the method discussed in[35], in order to relax the ZCBFs which characterize the safetyconstraints. We guarantee satisfaction of the reachability taskswhile minimally violating the safety specifications. While nota main focus of this paper, this relaxation is a novel refor-mulation of ideas presented in [9] and [35] for use in motionplanning problems with finite time reachability constraints.A preliminary version of this work was presented in ourconference paper [13] where we formulated the notion ofcomposition of multiple finite time control barrier functions.In the present paper, we significantly extend those results inorder to synthesize an automated framework (full solution) totransition from a specification belonging to a fragment of LTL,to the barrier function based controller.This paper is organized as follows. Section II intro-duces control barrier functions, linear temporal logic and thequadratic program based controller used for trajectory gen-eration of the system. In Section III, we discuss the problemstatement that is addressed in this paper. Section IV introducesthe idea of composite finite time control barrier functions[13] and the prioritization scheme for different zeroing barrierfunctions. In Section V, we propose the QP based controllerand develop the theoretical framework which provides a formalguarantee that the proposed controller synthesizes a systemtrajectory that satisfies the given specification. Section VIdiscusses a multi-agent system case study with simulation andexperimental results. Section VII provides concluding remarks.II. M
ATHEMATICAL B ACKGROUND
In this section, we provide background on control barrierfunctions (CBFs) and the guarantees on invariance and reach-ability of sets obtained from them, linear temporal logic (LTL)which is the specification language, and the quadratic program(QP) based controller with the CBFs as constraints which willbe used to synthesize the trajectory for a control-affine roboticsystem.
A. Control Barrier Functions (CBFs)
Consider a continuous time, control-affine dynamical sys-tem ˙ x = f ( x ) + g ( x ) u , (1)where f : X → R n and g : X → R n × m are locally Lipschitzcontinuous, x ∈ X ⊆ R n is the state of the system, and u ∈ R m is the control input applied to the system. OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 3
Before we introduce the notion of control barrier functions,we define an extended class K function [36] α : R → R as afunction that is strictly increasing and α ( ) = Definition 1 (Zeroing Control Barrier Function (ZCBF)) . Acontinuously differentiable function h : X → R is a zeroingcontrol barrier function (ZCBF) if there exists a locally Lips-chitz extended class K function α such that for all x ∈ X , sup u ∈ R m (cid:26) L f h ( x ) + L g h ( x ) u + α ( h ( x )) (cid:27) ≥ where L f h ( x ) = ∂ h ( x ) ∂ x f ( x ) and L g h ( x ) = ∂ h ( x ) ∂ x g ( x ) are the Liederivatives of h along f and g respectively. (cid:3) Let Σ ⊆ X be a safety set defined as Σ = { x ∈ X | h ( x ) ≥ } where h : X → R is a ZCBF. The set of control inputs thatsatisfy (2) at any given state x ∈ X is then defined as U Σ ( x ) = (cid:26) u ∈ R m | L f h ( x ) + L g h ( x ) u + α ( h ( x )) ≥ (cid:27) . (3)One can guarantee forward invariance of desired sets underthe existence of a suitable ZCBF as formalized in the followingproposition. Proposition 1 (Corollary 1, [9]) . If h is a ZCBF, then anycontinuous feedback controller satisfying u ∈ U Σ ( x ) rendersthe set Σ forward invariant for the system (1) . (cid:4) We now define finite time convergence control barrierfunctions, first introduced in [12], which guarantee finite timeconvergence to desired sets in the state space.
Definition 2 (Finite Time Convergence Control Barrier Func-tion (FCBF)) . A continuously differentiable function h : X → R is a finite time convergence control barrier function if thereexist parameters ρ ∈ [ , ) and γ > such that for all x ∈ X , sup u ∈ R m (cid:8) L f h ( x ) + L g h ( x ) u + γ · sign ( h ( x )) · | h ( x ) | ρ (cid:9) ≥ where L f h ( x ) = ∂ h ( x ) ∂ x f ( x ) and L g h ( x ) = ∂ h ( x ) ∂ x g ( x ) . (cid:3) Let Γ ⊆ X be a target set defined as Γ = { x ∈ X | h ( x ) ≥ } where h : X → R . Let the set of control inputs that satisfy (4)at any state x ∈ X be given by U Γ ( x ) = (cid:26) u ∈ R m (cid:12)(cid:12)(cid:12)(cid:12) L f h ( x )+ L g h ( x ) u + γ · sign ( h ( x )) ·| h ( x ) | ρ ≥ (cid:27) (5)If h is a FCBF, then there exists a control input u that drivesthe state of the system x to the target set { x ∈ X | h ( x ) ≥ } in finite time, as formalized next. Proposition 2 (Proposition III.1, [12]) . If h is a FCBF for (1) , then, for any initial condition x ∈ X and any continuousfeedback control u : X → R m satisfying u ∈ U Γ ( x ) for all x ∈X , the system will be driven to the set Γ in a finite time < T < ∞ such that x ( T ) ∈ Γ , where the time bound is givenby T = | h ( x ) | − ρ γ ( − ρ ) . Moreover, Γ is forward invariant so that thesystem remains in Γ for all t ≥ T . (cid:4)
ZCBFs and FCBFs will form the basis for our control syn-thesis methodology. Next, we discuss the temporal languageused to specify complex robotic system specifications in ourframework.
B. Linear Temporal Logic
Complex and rich system properties can be expressed suc-cinctly using linear temporal logic (LTL). The power of LTLlies in the wealth of tools available in the model checkingliterature [15] which can be leveraged for the synthesis ofcontrollers in the continuous domain. LTL formulas are devel-oped using atomic propositions which label regions of interestwithin the state space. These formulas are built using a specificgrammar. LTL formulas without the next operator are givenby the following grammar [15]: φ = π |¬ φ | φ ∨ φ | φ U φ (6)where π is a member of the set of atomic propositionsdenoted by Π , and φ is a propositional formula that representsan LTL specification. Since we deal with continuous timesystems in this work, the use of the “next” operator ( (cid:13) )lacks meaningful interpretation, and hence, this operator isnot included in our framework. Nonetheless, a large classof motion planning specifications (for example, the class ofspecifications proposed in [37] and characterized below inDefinition 3 do not require the next operator. In particular,finite time reachability specifications can be encoded in ourproposed work.We use the standard graphical notation for the temporal op-erators including (cid:3) (“Always”), ♦ (“Eventually”), ♦(cid:3) (“Per-sistence”) and (cid:3)♦ (“Recurrence”). From the negation ( ¬ ) andthe disjunction ( ∨ ) operators, we can define the conjunction( ∧ ), implication ( → ), and equivalence ( ↔ ) operators. We canthus derive for example, the eventually ( ♦ ) and always ( (cid:3) )operators as ♦ φ = (cid:62)U φ and (cid:3) φ = ¬ ♦ ¬ φ respectively. Belowwe provide informal interpretations of these operators withrespect to an LT L formula φ . • ♦ φ is satisfied if φ is satisfied sometime in the future.That is, φ is satisfied at some point of time in the future. • (cid:3) φ is satisfied if φ is satisfied for all time. That is, φ issatisfied for all time. • ♦(cid:3) φ is satisfied if φ becomes satisfied at some point oftime in the future and then remains satisfied for all time. • (cid:3)♦ φ is satisfied if φ is satisfied infinitely often at variouspoints of time in the future.Next we discuss the QP based controller which will be usedfor the synthesis of the system trajectory. C. Quadratic Program (QP) based controller
Given a FCBF or ZCBF h , the constraints (3) and (5)are affine in the control input u , and hence they can beconveniently encoded as affine constraints in a QP. Hencethis formulation is amenable to efficient online computationof feasible control inputs. In particular, for fixed x ∈ X , therequirement that u ∈ U Γ ( x ) and/or u ∈ U Σ ( x ) becomes a linearconstraint and we define a minimum energy quadratic program(QP) as min u ∈ R m || u || s.t u ∈ U Γ ( x ) and/or u ∈ U Σ ( x ) . (7)We note that (7) can encode both finite time reachabilityas well as forward invariance requirements as constraints in OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 4 the QP. This QP when solved returns the pointwise minimumnorm control law that drives the system to the goal set Γ infinite time and/or guarantees invariance of Σ . We will referencethis idea of a QP based controller throughout this paper in thecontext of our theoretical framework. Remark 1.
We note that multiple ZCBFs and multiple FCBFscan be encoded as separate constraints in the QP. In thiscase, we solve a single QP with multiple barrier functionconstraints. For example, see [9], [12].
III. P
ROBLEM S TATEMENT
In this paper, we consider a continuous time mobile roboticsystem in control affine form as in (1). We assume that X contains regions of interest which are labeled by a set ofatomic propositions Π = { π , π , π , . . . , π n } with the labelingfunction L : X → Π so that π ∈ Π is true at x ∈ X if and only if π ∈ L ( x ) . These regions may overlap and need not constitute apartition or cover of X . For each σ ∈ Π , we have L − ( σ ) = { x ∈ X | σ = L ( x ) } . Let Π aug = { π , π , . . . , π n , π , π , . . . , π n } be the augmented set of atomic propositions where we define π i = ¬ π i for all i ∈ { , , . . . , n } . The set Π aug is also calledthe set of literals [15]. Thus, we identify ¬ π i = π i for all i ∈ { , , . . . , n } . In addition, define S ( Π aug ) = { J ⊂ Π aug | π ∈ J = ⇒ ¬ π (cid:54)∈ J for all π ∈ Π aug } (8) P ( Π aug ) = { J ⊂ Π aug | ( π i ∈ J ) ⊕ ( π i ∈ J ) for all i ∈ { , , . . . , n }} (9)where ⊕ is the exclusive disjunction operator. Observe that P ( Π aug ) ⊂ S ( Π aug ) . A subset of Π aug belongs to the family S ( Π aug ) if it does not contain an atomic proposition and itsnegation simultaneously, and it further belongs to P ( Π aug ) ifit contains each atomic proposition exclusive-or its negation.We consider a fragment of LTL, denoted by LT L robotic ,which is a modification of the fragment considered in [38].Our proposed fragment covers a large class of motion planningtasks, such as the ones discussed in [37], expected from arobotic system.
Definition 3 (Fragment of LTL) . The fragment LT L robotic isdefined as the class of LTL specifications of the form φ = φ globe ∧ φ reach ∧ φ rec ∧ φ act (10) where φ globe = (cid:3) ψ , φ reach = (cid:86) j ∈ I ♦ ψ j , φ rec = (cid:86) j ∈ I (cid:3)♦ ψ j and φ act = ♦(cid:3) ψ . Here I and I are finite index sets and ψ , ψ j for all j, ψ j for all j and ψ are propositional formulasof the form ψ i = (cid:86) ∀ π ∈ J i π with J i ∈ S ( Π aug ) for all i ∈ { , } , ψ ji = (cid:86) ∀ π ∈ J ji π with J ji ∈ S ( Π aug ) for all i ∈ { , } and for allj ∈ I i . (cid:3) Below we provide informal definitions of the specificationsappearing in the above definition. • φ globe : This type of specification captures properties thatmust hold throughout the execution of the system. For example, collision avoidance with obstacles must hold atall times when a robot is navigating in the workspace. • φ reach : Specifications of this form capture finite timereachability requirements for the system. For example,a robot must reach a region of interest within a finitetime. • φ rec : This recurrence specification captures, for instance,scenarios where the system must visit regions infinitelyoften. For example, a robot must visit room A and roomB infinitely often. • φ act : This type of specification captures persistence re-quirements. For example, a robot must reach a regionand then stay within the region for all time.As compared to [38], we additionally incorporate reacha-bility specifications ( ♦ ) without increasing the system com-plexity due to the abstraction free nature of our proposedframework. We do not include response-to-environment speci-fications ( (cid:3) ( A = ⇒ ♦ B ) ) since time-varying or reactive systemspecifications are not considered in the context of our proposedbarrier function framework. With regard to other widely usedfragments, our proposed fragment allows for persistence ( ♦(cid:3) )which cannot be expressed by the Generalized Reactivity(GR(1)) fragment or computation tree logic (CTL) [39]. Ourproposed fragment also allows for repetitive tasks ( φ act and φ rec ) which cannot be captured by the fragment consideredin very recent work on barrier function based control usingtemporal logic [22], [23].For any propositional formula ψ omitting temporal opera-tors ( e.g. , a conjunction of literals) we define the following. Definition 4 (Proposition Set) . The proposition set for apropositional formula ψ , denoted (cid:74) ψ (cid:75) , is the set of all statesthat satisfy ψ . That is, (cid:74) ψ (cid:75) = { x ∈ X | L ( x ) | = ψ } (11) where L ( x ) | = ψ signifies that ψ is true under the evaluationfor which all and only propositions in L ( x ) ⊂ Π are true. (cid:3) We assume that for each atomic proposition π ∈ Π , thereexists a continuously differentiable function h : X → R suchthat (cid:74) π (cid:75) = { x ∈ X | h π ( x ) ≥ } . In this paper, similar to theassumption in [9], we assume that L g h π ( x ) (cid:54) = x ∈X . We ignore the measure-zero set { x ∈ X | h π ( x ) = } , andidentify (cid:74) π (cid:75) = { x ∈ X | h π ( x ) < } for each π ∈ Π . Thus wedefine h π ( x ) = − h π ( x ) for all π ∈ Π .The fragment LT L robotic encompasses a class of specifica-tions which cover properties such as finite time reachability,persistence, recurrence, and invariance. These properties areuseful to express a number of common robotic system speci-fications.Recall that for any σ ∈ Π , L − ( σ ) = { x ∈ X | σ = L ( x ) } .We define a trace as a sequence of sets of atomic propositions.The trace of a trajectory x ( t ) of a continuous time dynamicalsystem is defined as the sequence of propositions satisfied bythe trajectory. This is formalized in the definition below. Definition 5 (Trace of a trajectory [40]) . An infinite sequence σ = σ σ . . . where σ i ⊆ Π for all i ∈ N is the trace of a OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 5 trajectory x ( t ) if there exists an associated sequence t t t . . . of time instances such that t = , t k → ∞ as k → ∞ and foreach m ∈ N , t m ∈ R ≥ satisfies the following conditions: • t m < t m + • x ( t m ) ∈ L − ( σ m ) • If σ m (cid:54) = σ m + , then for some t (cid:48) m ∈ [ t m , t m + ] , x ( t ) ∈ L − ( σ m ) for all t ∈ ( t m , t (cid:48) m ) , x ( t ) ∈ L − ( σ m + ) for allt ∈ ( t (cid:48) m , t m + ) , and either x ( t (cid:48) m ) ∈ L − ( σ m ) or x ( t (cid:48) m ) ∈ L − ( σ m + ) . • If σ m = σ m + for some m, then σ m = σ m + k for all k > and x ( t ) ∈ L − ( σ m ) for all t ≥ t m . (cid:3) The last condition of the above definition implies that atrace contains a repeated set of atomic propositions only if thisset is then repeated infinitely often. This is useful to capturefor example, a stability condition of the system. By forbiddingrepetitions in other cases, we ensure that a particular trajectorypossesses a unique trace. This exclusion is without loss ofgenerality since we only consider
LT L robotic specificationswithout the next operator.We now define the problem statement that is addressed inthis paper.
Problem Statement.
Given a specification in LT L robotic as in (10) which is to be satisfied by a mobile robotic system withdynamics as in (1) , synthesize a point-wise minimum normcontroller as in (7) which produces a system trajectory whosetrace satisfies the given specification.
In this paper, we are interested in generating system tra-jectories using controllers of the form (7), which guaranteesatisfaction of the given LTL robotic specification. As a sec-ondary objective, we are interested in achieving the statedtask by expending minimum power, point-wise in time. Theseobjectives are captured by the problem statement.Before we detail the theoretical framework to address theabove problem statement, we discuss scenarios where the QPbased controller (7) could be infeasible and present approachesto alleviate infeasibility. This is important since infeasibilitycan lead to violation of the LTL specification.IV. F
EASIBILITY OF QP BASED C ONTROLLER
Given a specification φ in LT L robotic , in this section, wefocus on scenarios where using existing methods in literature[9], [12], [41] will render the controller infeasible, and providesolutions for the same. Subsection A discusses Theorem 1which appeared in our conference paper [13], while subsectionB proposes a relaxed formulation of the QP based controller.
A. Composite Finite Time Control Barrier Functions
Consider two robots R and R as shown in the workspace inFig 1. Suppose R is sensing information from R and hencemust always stay within the sensing radius of R . Supposewe have two regions of interest A , B and the base C . Let D represent a corridor in the state space (denoted by the dottedlines in Fig 1) where R must maintain a very small distanceof connectivity with R . This could represent, for example,an area with very poor network connectivity and hence the robots must resort to communication over small distances. Letthe specification for the multi-agent system be given as φ = ♦ ( π A ∧ π B ) ∧ ♦ ( π C ∧ π C ) ∧ (cid:3) π conn where π A is the propositionthat is true when R is in A , π B is the proposition that istrue when R is in B , and π conn is the proposition that is truewhen the robots must maintain connectivity at all times. Inother words, R must visit A , R must visit B and then bothmust return to the base C . In addition, R must always stayconnected with R . The workspace is as shown in Fig 1.Figure 1: Representative trajectories for R and R that satisfythe specification φ = ♦ ( π A ∧ π B ) ∧ ♦ ( π C ∧ π C ) ∧ (cid:3) π conn . Thearea with less connectivity is the corridor D . Observe that R and R need to maintain a small distance of connectivitywithin the corridor D .By following the method proposed in [12], the QP that isto be solved is as follows:min u ∈ R || u || s.t L f h A ( x ) + L g h A ( x ) u ≥ − γ · sign ( h A ( x )) · | h A ( x ) | ρ L f h B ( x ) + L g h B ( x ) u ≥ − γ · sign ( h B ( x )) · | h B ( x ) | ρ L f h conn ( x ) + L g h conn ( x ) u ≥ − α ( h conn ( x )) (12)where α is a locally Lipschitz extended class κ function, γ > ρ ∈ [ , ) , x is the state of R , x is the state of R , x = (cid:2) x x (cid:3) T is the total state of the system, h A is the FCBFwhich represents A , h B is the FCBF which represents B , and h conn is the ZCBF which dictates the connectivity radius tobe maintained by R with R . Note that [12] considers onlyreachability tasks and not more general LTL tasks. In addition,[12] requires multiple reachability specifications to be encodedas separate constraints in a QP, as discussed above.However, this QP becomes infeasible at the point when R and R reach the corridor D . This is because the firstconstraint in (12) dictates that R make progress towards A ,but the third constraint dictates that R move closer to R andhence move away from A . This leads to an empty solutionspace thus rendering the QP infeasible. This shows that theabove formulation of encoding multiple reachability objectivesas individual constraints is too restrictive.In light of the above scenario, we propose a method in whichwe compose multiple FCBFs. By ensuring that the total sumof the finite time barrier functions is always increasing, we OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 6 can allow for decrease in the values of some of the individualbarrier functions thereby allowing some robots to move awayfrom their desired sets temporarily. This provides a largersolution space for the QP. This is formalized in the followingtheorem.
Theorem 1.
Consider a dynamical system in control-affineform as in (1) . Given Γ ⊂ X defined by a collection of q ≥ functions { h i ( x ) } qi = such that Γ = q (cid:84) i = { x ∈ X | h i ( x ) ≥ } and for i = { , , , ..., q (cid:48) } with q (cid:48) < q, h i ( x ) is bounded i.e.h i ( x ) < M i for all x ∈ X , for M i > . If there exists a collection { α i } q (cid:48) i = with α i ∈ R > , parameters γ > , ρ ∈ [ , ) and acontinuous controller u ( x ) where u : X → R m , such that forall x ∈ X q (cid:48) ∑ i = (cid:26) α i ( L f h i ( x ) + L g h i ( x ) u ( x )) (cid:27) + γ · sign (cid:18) min (cid:26) h ( x ) , h ( x ) , . . . , h q (cid:48) ( x ) (cid:27)(cid:19) ≥ L f h i ( x ) + L g h i ( x ) u ( x ) + γ · sign ( h i ( x )) · | h i ( x ) | ρ ≥ ∀ i ∈ (cid:8) q (cid:48) + , . . . , q (cid:9) (14) then under the feedback controller u ( x ) , for all initial condi-tions x ∈ D , there exists < T < ∞ such that x ( T ) ∈ Γ .Proof. By contradiction, suppose for some x ∈ X \ Γ the con-trol law u ( x ) that satisfies (13) and (14) is such that there doesnot exist a finite time 0 < T < ∞ so that x ( T ) ∈ Γ . In particular,then for all t > min (cid:26) h ( x ( t )) , h ( x ( t )) , . . . , h q ( x ( t )) (cid:27) < x ( t ) is the solution to (1) initialized at x ( ) under thecontrol law u ( x ) . By (14) for all t > T i = | h i ( x ) | − ρ γ ( − ρ ) , we have h i ( x ( t )) ≥ i = { q (cid:48) + , . . . , q } by Proposition 1. To thatend, if we define T (cid:48) = max i = q (cid:48) + ,..., q { T i } , then for all t > T (cid:48) wehave, min (cid:26) h ( x ( t )) , h ( x ( t )) , . . . , h q (cid:48) ( x ( t )) (cid:27) <
0. In particular,observe that ddt q (cid:48) ∑ i = (cid:26) α i h i ( x ( t )) (cid:27) = q (cid:48) ∑ i = (cid:26) α i ( L f h i ( x ) + L g h i ( x ) u ( x )) (cid:27) (15)so that by integration of (15) using the fundamental theoremof calculus and (13), we have q (cid:48) ∑ i = (cid:26) α i h i ( x ( t )) (cid:27) ≥ γ · ( t − T (cid:48) ) + q (cid:48) ∑ i = (cid:26) α i h i ( x ( T (cid:48) )) (cid:27) . We observe that as t → ∞ , q (cid:48) ∑ i = (cid:26) α i h i ( x ( t )) (cid:27) → ∞ . But this is acontradiction since h i ( x ( t )) for i = { , . . . , q (cid:48) } is bounded i.e. q (cid:48) ∑ i = (cid:26) α i h i ( x ( t )) (cid:27) < q (cid:48) ∑ i = α i M i . Thus, there exists a 0 < T < ∞ such that x ( T ) ∈ q (cid:84) i = { x ∈ X | h i ( x ) ≥ } . (cid:4) If all the functions are bounded, then q (cid:48) = q and so we will have only(13) as a constraint in the QP ∀ i ∈ { , ,..., q } Theorem 1 allows a system to reach an intersection of mul-tiple regions in the state space using a single barrier certificateconstraint. In contrast, [12] proposes a more restrictive solutionto the constrained reachability problem with desired level setsbeing individually defined by multiple FCBFs in a QP. Inparticular, [12] proposes the set of control laws U given by U ( x ) = { u ∈ R m | L f h i ( x ) + L g h i ( x ) u + γ · sign ( h i ( x )) ≥ ∀ i ∈ { , . . . , q }} . (16)Note that this is equivalent to taking q (cid:48) = U ( x ) = { u ∈ R m | (13) and (14) are satisfied } , (17)and (cid:98) Γ = q (cid:83) i = { x ∈ X | h i ( x ) ≥ } . We then formulate the follow-ing corollary. Corollary 1.
Under the hypotheses of Theorem 1 with q (cid:48) ∑ i = α i ≥ , the set U ( x ) defined in (17) is a superset to the set U ( x ) defined in (16) . That is, U ( x ) ⊆ U ( x ) for all x ∈ X \ (cid:98) Γ .Proof. Note that for q (cid:48) = q (cid:48) =
1, it follows that U ( x ) = U ( x ) . For any q (cid:48) ∈ { , . . . , q − } , consider any u ( x ) ∈ U ( x ) applied to the system (1). Hence, we have that L f h i ( x ) + L g h i ( x ) u ( x ) ≥ − γ · sign ( h i ( x ( t ))) ≥ γα i ( L f h i ( x ) + L g h i ( x ) u ( x )) ≥ α i · γ for all i ∈ { , , . . . , q } since x ∈ X \ (cid:98) Γ . Summing the inequali-ties for the barrier functions from i = , , . . . , q (cid:48) , we get q (cid:48) ∑ i = (cid:26) α i ( L f h i ( x ) + L g h i ( x ) u ( x )) (cid:27) ≥ q (cid:48) ∑ i = α i · γ ≥ γ where the last inequality follows by assumption that q (cid:48) ∑ i = α i ≥
1. This implies u ( x ) satisfies (13) sincesign (cid:18) min (cid:26) h ( x ) , h ( x ) , . . . , h q (cid:48) ( x ) (cid:27)(cid:19) < x ∈ X \ (cid:98) Γ ,and L f h i ( x ) + L g h i ( x ) u ( x ) ≥ − γ · sign ( h i ( x ( t ))) for all i ∈ { q (cid:48) + , . . . , q } which implies u ( x ) also satisfies (14).Hence, u ( x ) ∈ U ( x ) . Thus the corollary follows. (cid:4) Theorem 1 allows for additional directions of evolution forthe system state thereby resulting in a more relaxed approachto the finite time reachability problem. Corollary 1 providesan intuition regarding the key take-away from Theorem 1.
B. Prioritization of Zeroing Control Barrier Functions
In this subsection, we introduce a methodology for prioritiz-ing different ZCBFs. In particular, our proposed formulationis similar to [35] where different tasks represented by multipleZCBFs are prioritized for a multi-agent system. In particular,we stipulate that the performance objective dictated by theFCBFs must never be relaxed, and hence, they are encodedas hard constraints (i.e. constraints which must never beviolated), whereas the ZCBFs can be relaxed and hence, they
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 7 are encoded as soft constraints (i.e. constraints which couldpotentially be violated). Our proposed method is different from[35] in the sense that, in addition to the ZCBFs, we alsoincorporate FCBFs which are treated as hard constraints inthe QP based controller.Consider the following motivating example. Suppose wehave a goal region G = { x ∈ X | h G ( x ) ≥ } where h G : X → R isa FCBF, encapsulated by an obstacle O = { x ∈ X | h O ( x ) ≤ } where h O : X → R is a ZCBF. Suppose the specification for therobot is φ = ♦ G ∧ (cid:3) ¬O . By following the method proposedin existing works such as [10], [11], [3], [12], the QP that isto be solved is as follows:min u ∈ R m || u || s.t L f h G ( x ) + L g h G ( x ) u ≥ − γ · sign ( h G ( x )) · | h G ( x ) | ρ L f h O ( x ) + L g h O ( x ) u ≥ − α ( h O ( x )) (18)where γ > ρ ∈ [ , ) and α is a locally Lipschitz extendedclass κ function.However, since the goal is encapsulated by the obstacle,the two constraints are in conflict and hence the QP will beinfeasible. In order to tackle scenarios such as the one above,we propose a relaxed formulation of the QP similar to the onein [9], [35].Consider p ZCBFs and n FCBFs. Let P be the index setsfor the zeroing barrier functions. Some or all of the ZCBFsmay be in conflict with the composite FCBF. The generalizedrelaxed QP is of the form,min v = (cid:104) u T , ε , . . . , ε p (cid:105) T ∈ R m + p || u || + Ξ T W Ξ s.t (13) holds L f h i ( x ) + L g h i ( x ) u ( x ) ≥ − α i ( h i ( x )) − ε i , ∀ i ∈ P (19)where Ξ = (cid:2) ε , ε , . . . , ε p (cid:3) T ∈ R p , W ∈ R p × p is a diagonalmatrix with the diagonal elements as ( w , w , . . . , w p ) where w i ∈ R > is a weight associated with the the slack variable ε i for all i ∈ { , , . . . , p } , and α i is a locally Lipschitz extendedclass κ function. The weight matrix W allows one to encodethe notion of “priority” for the barrier functions. For example,if the weight w i corresponding to the slack variable ε i is large,then then i th ZCBF has higher priority over other constraints.
Remark 2.
Similar to the discussion in Remark 2 in [9], ifthe reachability and invariance constraints are not in conflict,then with an appropriate choice of the weight matrix W , wewill have ε i ≈ for some i ∈ { , , . . . , q } . Also, note that weextend the formulation provided in [9] from two constraints tomultiple constraints. The relaxed QP returns a control law that allows the systemto reach the desired level set in a finite time while minimallyviolating the invariance constraints if there is a conflict withthe FCBF. We present the following case study which uses therelaxation based controller (19).
1) Example:
Consider an omnidirectional robot with dy-namics ˙ x = u where x ∈ X ⊂ R , and u ∈ R . Let D ⊂ X be a compact domain in the state space. The workspace isas shown in Fig 2. Suppose we have two unsafe regions Figure 2: A family of trajectories for the robot generated bythe relaxed QP (19). By changing the values of the entries inthe weight matrix W , one can encode the notion of priorityfor different regions in the state space as can be seen from thevarious trajectories. A and B and a goal region C . Let C be contained within A and B . Suppose the specification to be satisfied by therobot is φ = ♦ C ∧ (cid:3) ( ¬ A ∧ ¬ B ) . From Fig 2, we observe thatsatisfaction of φ is impossible without entering the regions A or B . However, suppose that region A has greater priority thanregion B and hence violation of B is allowed to some extent.With this additional flexibility, we can employ the proposedQP as in (19) with the weights w A ∈ R > set to be a largevalue and w B ∈ R > set to be a small value. We then solve(19) which gives us a family of trajectories (depending on thevalues of the weights w A and w B ) of the robot as shown inFig 2. Observe that with different weights w A and w B for theregions in the QP, we obtain a different trajectory. This allowsone to also encode the notion of priority in the QP.V. S YNTHESIS AND A NALYSIS OF Q UADRATIC P ROGRAMBASED C ONTROLLER
In this section, we detail the theoretical framework whichprovides formal guarantees that the quadratic program (QP)based controller indeed produces a system trajectory that satis-fies the given specification. We also describe the methodologyto synthesize the barrier funtion based QP controller given an
LT L robotic specification.
A. Lasso Type Constrained Reachability Objectives
It is well established that if there exists a trace that satisfiesa specification belonging to the fragment
LT L robotic , then thereexists a trace which satisfies the specification in lasso or prefix-suffix form ( [15], pp 272), where a trace σ is in lasso form if itis comprised of a finite horizon prefix σ pre and a finite horizonsuffix σ suff that is repeated infinitely often. Both σ pre and σ suff are finite sequences of sets of atomic propositions suchthat the trace σ is equal to the prefix followed by an infiniterepetition of the suffix. Such a lasso-type trace is denoted as σ = σ pre ( σ suff ) ω , where ω denotes infinite repetition. Atomicpropositions of a continuous time dynamical system are sub-sets of the domain, and, hence, it is possible to interpret suchlasso traces as sequences of constrained reachability problems OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 8 in lasso form, which forms the basis of our control synthesismethodology. This is formalized in the following definitions.
Definition 6 (Constrained reachability objective) . Given atarget set Γ ⊂ X and a safety set Σ ⊂ X , the constrainedreachability objective , denoted by R ( Σ , Γ ) , is defined as thereachability problem to be solved so that the state of the systemreaches the set Γ in finite time while remaining in Σ until itreaches Γ . (cid:3) The constrained reachability objective for a system (1) issolved from a given initial condition in Σ if a control policyis found which drives the state of the system to Γ whileremaining in Σ until it reaches Γ . For example, a reachabilityobjective denoted by R ( B , A ) signifies that the system mustreach region A in finite time while staying in region B untilit reaches region A . The constrained reachability objectiveimplies finding a control policy that solves the above objectivesuccessfully. Definition 7 (Lasso Type Constrained Reachability Sequence) . A lasso-type constrained reachability sequence is a sequenceof constrained reachability objectives in lasso form such thateach subsequent safety set is compatible with the prior goalset. That is, a lasso-type constrained reachability sequence hasthe form R lasso = (cid:18) R R . . . R p (cid:19)(cid:18) R p + , R p + . . . R p + (cid:96) (cid:19) ω , (20) where p > , (cid:96) ≥ , and each R j = R ( Σ j , Γ j ) for some Γ j , Σ j ⊂X satisfying Γ j ⊆ Σ j + for all j ∈ { , , . . . , p + (cid:96) − } and Γ p + (cid:96) ⊆ Σ p + . The sequence ( R R . . . R p ) is a finite horizonprefix objective and ( R p + , R p + . . . R p + (cid:96) ) is a finite horizonsuffix objective that is repeated infinitely often. (cid:3) The lasso-type constrained reachability sequence is consid-ered feasible if each constituent reachability objective is solvedsuccessfully in sequence. For example, consider the taskspecification, “The robot must first visit region A , then region B , while avoiding the obstacle C . The lasso-type reachabilitysequence that satisfies this task is given by R lasso = (cid:18) R R (cid:19)(cid:18) R (cid:19) ω where R = R ( C , A ) , R = R ( C , B ) and R = R ( C , /0 ) . Note thatif p =
0, then the finite prefix has length zero and the lassosequence is then given by R lasso = (cid:18) R , R . . . R (cid:96) (cid:19) ω . (21)By the preceding discussion, if there exists a trace thatsatisfies a given LT L robotic specification, then there exists alasso-type constrained reachability sequence which, if feasible,guarantees that the system satisfies the
LT L robotic specification.One can view the lasso type reachability sequence as a bridgebetween the
LT L robotic specification and the set based approachof our proposed controller.
B. Construction Of Lasso-type Reachability Sequence
Consider a
LT L robotic specification φ as in (10). Given φ ,our first objective is to generate the lasso-type constrainedreachability sequence of the form (20). Definition 8 (Lasso Template) . Given a LT L robotic specifica-tion φ , a lasso template is an enumeration of the form O : { , , . . . , k } → I (22) O : { , , . . . , (cid:96) } → I (23) where the index sets I and I are as per Definition 3 andk = |I | and (cid:96) = max {|I | , } . (cid:3) Note that it is computationally straightforward to obtain some lasso template simply by arbitrarily enumerating theelements of the index sets I and I .A lasso-type reachability sequence of the form (20) or (21)is constructed using Algorithm 1. The LT L robotic specification,and the lasso template O and O are the inputs to Algorithm1. The output is a lasso-type constrained reachability sequenceof the form (20) or (21). C. Synthesis of Quadratic Program based Controller
We next encode the reachability objectives as finite time andzeroing control barrier functions in a QP. This is describedin Algorithm 2. Each Γ i is encoded with FCBFs with (5)or (17) as constraint(s) whereas each Σ i is encoded withZCBFs with (3) as constraint(s) in the QP. The designer isfree to choose a locally Lipschitz α function for (3). In orderto solve a particular reachability objective R i ( Σ i , Γ i ) where i ∈ { , , . . . , n } , we solve a QP as in (7). Note that solving aQP in real time is typically done in a few milliseconds, andhence Algorithm 2 is amenable to real time implementationon robotic platforms. D. Analysis Of Trajectory Generated by QP Controller
Observe that there is a one-to-one correspondence betweenelements of P ( Π aug ) and subsets of Π . Let ι : 2 Π → P ( Π aug ) ⊂ Π aug be the canonical bijective mapping for a subset σ ∈ Π with the corresponding mapping ι ( σ ) ∈ P ( Π aug ) given by, π ∈ σ ⇐⇒ π ∈ ι ( σ ) and π (cid:54)∈ σ ⇐⇒ π ∈ ι ( σ ) . (24)For notational convenience, we do not explicitly differentiatebetween a subset σ ⊂ Π and its mapping ι ( σ ) ∈ P ( Π aug ) .Given Algorithm 2, we now provide formal guaranteeswhich prove that the QP from Algorithm 2 indeed produces asystem trajectory which satisfies the system specification. Definition 9 (Descendant) . Given a LT L robotic specification φ with a lasso template O and O as in Definition 8, a descendant of the lasso template is any infinite length sequenceof the form σ = (cid:26) σ , σ , . . . σ , n (cid:27)(cid:26) σ , σ , . . . σ , n (cid:27) . . . (cid:26) σ p , σ p , . . . σ p , n p (cid:27) . . . , (25) OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 9
Algorithm 1
Lasso-type Reachability Sequence Generator
Input : φ , O , O Output: R lasso if J (cid:54) = /0 then p ← k + if k (cid:54) = then Γ i = (cid:74) ψ O ( i ) (cid:75) for all i = , , . . . , p − Σ i = (cid:74) ψ (cid:75) for all i = , , . . . , p − end if Γ p = (cid:74) ψ (cid:75) Σ p = (cid:74) ψ (cid:75) Γ p + i = (cid:74) ψ O ( i ) (cid:75) for all i = , , . . . , (cid:96) if J = /0 then Σ p + i = (cid:74) ψ (cid:75) for all i = , , . . . , (cid:96) else Σ p + i = (cid:74) ψ (cid:75) ∩ (cid:74) ψ (cid:75) for all i = , , . . . , (cid:96) end if R i = R i ( Σ i , Γ i ) for all i = , , . . . , p + (cid:96) return R lasso as in (20) else p ← k if p (cid:54) = then Γ i = (cid:74) ψ O ( i ) (cid:75) for all i = , , . . . , p Γ p + i = (cid:74) ψ O ( i ) (cid:75) for all i = , , . . . , (cid:96) Σ i = (cid:74) ψ (cid:75) for all i = , , . . . , p + (cid:96) R i = R i ( Σ i , Γ i ) for all i = , , . . . , p + (cid:96) return R lasso as in (20) else Γ p + i = (cid:74) ψ O ( i ) (cid:75) for all i = , , . . . , (cid:96) Σ p + i = (cid:74) ψ (cid:75) for all i = , , . . . , (cid:96) R i = R i ( Σ i , Γ i ) for all i = , , . . . , p + (cid:96) return R lasso as in (21) end if end ifAlgorithm 2 Quadratic Program based Controller
Input : R lasso if p (cid:54) = then for i = , , . . . , p do Encode Γ i with FCBFs Encode Σ i with ZCBFs while x / ∈ Γ i do Solve R ( Σ i , Γ i ) as in (7) end while end for end if while true do for i = p + , . . . , p + (cid:96) do Encode Γ i with FCBFs Encode Σ i with ZCBFs while x / ∈ Γ i do Solve R ( Σ i , Γ i ) as in (7) end while end for end while where σ i , j ∈ P ( Π aug ) for all i = , , . . . , j = , , . . . , n i and J ⊆ σ i , j for all i ∈ { , , . . . , p } and for all j ∈{ , , . . . , n i } J O ( i ) ⊆ σ O ( i ) , n O ( i ) for all i ∈ { , , . . . , k } J ⊆ σ p , n p J O ( i ) ⊆ σ m , n m where m = p + d (cid:96) + O ( i ) for all d ∈{ , , . . . } and for all i ∈ { , , . . . , (cid:96) } J ∪ J ⊆ σ i , j for all i ∈ { p + , . . . } and for all j ∈{ , , . . . , n i } . (cid:3) Intuitively, a descendant σ of a given template is a sequenceof atomic propositions visited by the system such that itrespects the safety sets Σ i and also reaches the target sets Γ i ina finite time for all i ∈ { , , . . . , p + l } . Consider the examplediscussed before, where a robot must first visit region A , thenregion B while avoiding the obstacle C . The lasso template forthis task is O ( ) = A , O ( ) = B . Given this template, onevalid instantiation of the descendant (25) is σ = (cid:26) { ¯ A , ¯ B , ¯ C }{ A , ¯ B , ¯ C } (cid:27)(cid:26) { ¯ A , ¯ B , ¯ C }{ ¯ A , B , ¯ C } (cid:27)(cid:26) { ¯ A , B , ¯ C } (cid:27) ω , which satisfies the conditions of Definition 9.In (25), each set σ i = { σ i , σ i , . . . σ i , n i } corresponds to the i th constrained reachability objective in the lasso sequence(20) or (21) and the set σ p = { σ p , σ p , . . . σ p , n p } is the lastconstrained reachability objective in the finite prefix part ofthe lasso sequence after which the sequence switches to thesuffix. Proposition 3.
Given a lasso template as in Definition 8 fora LT L robotic specification φ as in (10) , any descendant σ ofthis template is such that σ | = φ .Proof. Let φ = φ globe ∧ φ reach ∧ φ rec ∧ φ act be a specification asin (10). Let O and O be a lasso template for the specification.Let σ be a descendant of the lasso template as in Definition9. We provide a proof by construction by considering four in-dividual cases for the specification φ . Then, since conjunctionpreserves the results from these cases (Fig 5.2, pp 236 [15]),we combine them to provide a proof for the entire fragmentof LTL.Case 1: Suppose φ = φ globe = (cid:3) ψ for ψ = n (cid:86) m = π m , where π m ∈ Π aug . Thus we have J = { π , . . . , π n } , J O ( i ) = { /0 } for all i ∈ { , , . . . , k } , J O ( i ) = { /0 } for all i ∈ { , , . . . , (cid:96) } and J = { /0 } . A descendant trace of the template is as per Definition9. Thus, from condition 1 in Definition 9 , we observe that J = { π , . . . , π n } ⊆ σ i , j for all i ∈ { , , . . . } and for all j ∈{ , , . . . , n i } . Hence, we can conclude that σ | = φ globe .Case 2: Suppose φ = φ act = ♦(cid:3) ψ for ψ = n (cid:86) m = π m where π m ∈ Π aug . Thus we have J = { /0 } , J O ( i ) = { /0 } for all i ∈ { , , . . . , k } , J O ( i ) = { /0 } for all i ∈ { , , . . . , (cid:96) } and J = { π , . . . , π n } . A descendant trace of the template has a closedform expression as in Definition 9. Thus, from condition 3in Definition 9, we have J ⊆ σ p , n p , and from condition 5 inDefinition 9, we observe that J = { π , . . . , π n } ⊆ σ i , j for all OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 10 i ∈ { p + , p + , . . . } and for all j ∈ { , , . . . , n i } . Hence, wecan conclude that σ | = φ act .Case 3: Suppose φ = φ reach = (cid:86) j ∈ I ♦ ψ j . Thus we have J = { /0 } , J O ( i ) = { /0 } for all i ∈ { , , . . . , (cid:96) } and J = { /0 } . Adescendant trace of the template has a closed form expressionas in Definition 9. Thus, from condition 2 in the definition,we observe that J O ( m ) = { π , . . . , π n } ⊆ σ O ( m ) , n O ( m ) for all m ∈ { , , . . . , k } . Hence, we can conclude that σ | = φ reach .Case 4: Suppose φ = φ rec = (cid:86) j ∈ I (cid:3)♦ ψ j . Thus we have J = { /0 } , J O ( i ) = { /0 } for all i ∈ { , , . . . , k } and J = { /0 } .A descendant trace of the template has a closed form ex-pression as in Definition 9. Thus, from condition 4 in thedefinition, we observe that J O ( q ) = { π , . . . , π n } ⊆ σ m , n m forall m = p + dl + O ( q ) , for all d ∈ { , , . . . } and for all q ∈ { , , . . . , (cid:96) } . Hence, we can conclude that σ | = φ rec .Thus, by combining the results from Cases 1, 2, 3 and 4 withconjunction [15] (Fig 5.2, pp 236 [15]), we can conclude that σ satisfies φ = φ globe ∧ φ reach ∧ φ rec ∧ φ act . That is, σ | = φ . (cid:4) Next we state Theorem 2 which provides a theoreticalguarantee that if Algorithm 2 is feasible, then the trace ofthe resulting system trajectory satisfies the specification.
Theorem 2.
Given a LT L robotic specification φ and a lassotemplate O and O as in Definition 8, let R lasso be the lasso-type constrained reachability sequence as in (20) generatedfrom Algorithm 1. If Algorithm 2 is feasible, then the trace ofthe system trajectory x ( t ) satisfies φ .Proof. As per Algorithm 2, each Σ i is encoded as constraint(s)with ZCBFs for all i ∈ { , , . . . , p + (cid:96) } . From Proposition 1,this guarantees forward invariance of the atomic propositionsthat need to remain true or need to remain false. Since the QPfrom Algorithm 2 is feasible, conditions 1 and 5 from Defini-tion 9 are satisfied. Since each Γ i is encoded as constraint(s)with FCBFs for all i ∈ { , , . . . , p + (cid:96) } , from Theorem 1 wecan guarantee finite time convergence to atomic propositionsthat need to be reached in finite time. This satisfies conditions2, 3 and 4 of Definition 9. Thus, all conditions in Definition9 are satisfied. Since the QP is feasible, we conclude thatAlgorithm 2 generates a descendant σ of the lasso template.From Proposition 3, we know that given a lasso template,any descendant σ of the lasso template is such that it satisfiesthe specification. From the previous analysis, we know thatthe QP from Algorithm 2 produces a descendant of thelasso template. The mapping ι being bijective and combiningProposition 3 with the previous analysis, we can concludethat QP from Algorithm 2 produces a trace of the trajectoryof the system that satisfies the given specification. That is, ι − ( σ ) = σ | = φ . (cid:4) Note that while Algorithm 2 and Theorem 2 assume thatthe QP (7) is feasible, one can always use the relaxed QP(19) for feasibility. In that case, although feasibility of thecontroller is more likely, Theorem 2 may no longer holdsince the relaxation parameters ε can be non-zero so thatthe corresponding atomic propositions are no longer satisfied.However, such a situation is not considered in this paper. VI. C ASE S TUDY
In this section, we provide a case study that details thebarrier functions based QP framework which synthesizes asystem trajectory that satisfies the specification. This casestudy was implemented in the Robotarium multi-robot testbedat Georgia Tech [42]. The Robotarium consists of differentialdrive mobile robots which can be programmed using eitherMATLAB or Python.Consider a team of three robots: one surveillance robot ( R )and two attack robots ( R and R ). The surveillance robot needsto collect information regarding the position of two targets, andthen return back to the base. Once the information has beenrelayed to the base by the surveillance robot, the attack robotsmust visit the targets infinitely often. In addition to this, theattack robots must stay connected with each other at all times,and all the robots must avoid a danger zone where they canbe attacked.Let D ⊂ R be the workspace for each robot and let D ×D ×D ⊂ R be the domain of the three robot system with regions A = { A , B , C , O } . The dynamics for each agent i ∈ { , , } is ˙ p i ˙ p i ˙ φ i = cos ( φ i ) ( φ i )
00 1 (cid:20) v i ω i (cid:21) ,where p i ∈ R and p i ∈ R represent the position of the robot, φ i ∈ ( − π , π ] represents its orientation, v i ∈ R and ω i ∈ R arethe linear and angular velocity inputs to the robot respectively.Denote x i = (cid:2) p i p i φ i (cid:3) T , and ¯ x i = (cid:2) p i p i (cid:3) T . For imple-mentation purposes in the Robotarium and theoretical reasonsassociated with the unicycle robot as discussed in [43], we usethe NID technique discussed in [44] to control the differentialdrive robots as a single integrator model. The NID techniqueallows for control over both input to a differential drive robotsas discussed in [43].Target 1 is labelled as A , target 2 is labelled as B the base islabelled as C , and O is the danger zone (obstacle). The set ofatomic propositions is given by Π = { π ri , π ri } ∪ { π conn , π conn } for all i ∈ { , , } and r ∈ { A , B , C , O } . The regions A , B , C aredefined as (cid:74) π ri (cid:75) = (cid:8) x ∈ D | h r ( x i ) ≥ (cid:9) for all r ∈ { A , B , C , O } and for all i ∈ { , , } . For each (cid:74) π ri (cid:75) with i ∈ { , , } , r ∈{ A , B , C , O } , let π ri = (cid:26) x i ∈ r π ri = i is in region r . Theadditional connectivity constraint that must be maintained by R and R is given as h conn ( x ) ≥ h conn ( x ) = d conn ( x ) − || ¯ x − ¯ x || , (27)where d conn : D × D × D → R is the connectivity distancebetween the two agents that needs to be maintained, and || ¯ x − ¯ x || is the inter-agent distance. We consider d conn ( x ) = ( p + δ ) + δ , (28)where δ and δ are constants. The connectivity set corre-sponding to the proposition π conn is defined as (cid:74) π conn (cid:75) = { x ∈ D | h conn ( x ) ≥ } . Such a constraint captures a situation OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 11 in which the robots have poor connectivity in certain areasof the workspace, which requires them to maintain a closerdistance with each other. In areas where the robots have strongconnectivity, they are free to maintain a larger distance fromeach other.The
LT L robotic specification for the task described previ-ously is φ = ( ♦ π A ∧ ♦ π B ∧ ♦ π C ) ∧ (cid:3)♦ ( π A ∧ π B ) ∧ (cid:3)♦ ( π C ∧ π C ) ∧ (cid:3) ( π conn ∧ ¬ π O ∧ ¬ π O ∧ ¬ π O ) . (29)From the formalism in Definition 7 and Algorithm 1, weobtain the lasso-type constrained reachability objective, R lasso = (cid:18) R ( Σ , Γ ) R ( Σ , Γ ) R ( Σ , Γ ) (cid:19)(cid:18) R ( Σ , Γ ) R ( Σ , Γ ) (cid:19) ω (30)where Σ i = (cid:74) π conn (cid:75) ∩ (cid:74) π O (cid:75) ∩ (cid:74) π O (cid:75) ∩ (cid:74) π O (cid:75) for i = , , , , Γ = (cid:74) π A (cid:75) , Γ = (cid:74) π B (cid:75) , Γ = (cid:74) π C (cid:75) , Γ = (cid:74) π A (cid:75) ∩ (cid:74) π B (cid:75) , Γ = (cid:74) π C (cid:75) ∩ (cid:74) π C (cid:75) . R R R PQ M
Figure 3: A still shot of the trajectories for the robots R , R and R for the specification φ as in (29). Observe that R moves temporarily away from target 1 temporarily in orderto satisfy the connectivity constraint dictated by (27) and(28), but Theorem 1 results in feasible solutions at thosepoints. From the figure, we observe that the robots maintainconnectivity and avoid the danger zone at all times.Next, we use Algorithm 2 to generate the pointwise con-troller for the system. Each reachability objective R i ( Σ i , Γ i ) for all i ∈ { , , , , } is encoded as a QP and is solvedsequentially. In particular, if U i ( x ) is the set of feasible controllaws that satisfies all the constraints for each reachabilityobjective, then for all i = { , , , , } the QP solved is givenby, min u ∈ R || u || s.t u ∈ U i ( x ) . (31)From Theorem 2 we conclude that these trajectories indeedsatisfy the specification φ . The switching between the currentreachability objective to the next is automatic. It occurs whenthe state of the system reaches the desired set of states. Thatis, the switching from reachability objective i to objective i + x ∈ Γ i for all i ∈ { , , , } . As is discussed in [43], the computation complexity ofstrongly convex QPs, a class to which the proposed controllerbelongs to, is O (( m + d ) ) where m is the number of decisionvariables, and d is the number of constraints in the QP. Thisis the complexity of most commonly used solvers. In ourexperiments, we observed computation times in the order of10-15 milliseconds for each QP. At all times, R and R stayconnected as per the distance dictated by (27) and avoid thedanger zone, as seen in Fig 3. Thus, we see that by solvingthis sequence of constrained reachability objectives, the multi-agent system satisfies the specification. Fig 3 is a still shotof the experiment conducted on the Robotarium testbed atGeorgia Tech [42] VII. C
ONCLUDING R EMARKS
In this paper, we provided a framework for the control ofmobile robotic systems with control affine dynamics. In par-ticular, we used control barrier functions and temporal logic asthe tools to develop this framework. First, we discussed issuesregarding feasibility of the QP based controller. We provideda new method to compose multiple FCBFs in order to obtain alarger feasible solution set as compared to existing methods inliterature. We also proposed a modified QP based controllerwhich prioritizes different ZCBFs. Second, we developed afully automated framework which synthesizes a barrier func-tion based controller given a specification. Last, we providedformal guarantees that the QP based controller generates asystem trajectory that satisfies the given specification.R
EFERENCES[1] S. Chinchali, S. C. Livingston, U. Topcu, J. W. Burdick, and R. M.Murray, “Towards formal synthesis of reactive controllers for dexter-ous robotic manipulation,” in , May 2012, pp. 5183–5189.[2] L. P. Kaelbling and T. Lozano-P´erez, “Hierarchical task and motionplanning in the now,” in , May 2011, pp. 1470–1477.[3] L. Wang, A. D. Ames, and M. Egerstedt, “Safe certificate-based ma-neuvers for teams of quadrotors using differential flatness,” in
SIAM review , vol. 44, no. 4, pp. 525–597, 2002.[8] A. D. Ames, J. W. Grizzle, and P. Tabuada, “Control barrier functionbased quadratic programs with application to adaptive cruise control,” in , Dec 2014, pp. 6271–6278.[9] X. Xu, P. Tabuada, J. W. Grizzle, and A. D. Ames, “Robustness ofcontrol barrier functions for safety critical control,” arXiv preprintarXiv:1612.01554 , 2016.[10] L. Wang, A. D. Ames, and M. Egerstedt, “Safety barrier certificatesfor collisions-free multirobot systems,”
IEEE Transactions on Robotics ,vol. 33, no. 3, pp. 661–674, June 2017. Video of Robotarium experiment -https://youtu.be/EK1Zxcg-eSE Code for Robotarium experiment- https://bit.ly/37QkOBS
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 12 [11] L. Wang, A. Ames, and M. Egerstedt, “Safety barrier certificates for het-erogeneous multi-robot systems,” in , July 2016, pp. 5213–5218.[12] A. Li, L. Wang, P. Pierpaoli, and M. Egerstedt, “Formally correctcomposition of coordinated behaviors using control barrier certificates,”in . IEEE, 2018, pp. 3723–3729.[13] M. Srinivasan, S. Coogan, and M. Egerstedt, “Control of multi-agentsystems with finite time control barrier certificates and temporal logic,”in , Dec 2018,pp. 1991–1996.[14] M. Maghenem and R. G. Sanfelice, “Barrier function certificates forforward invariance in hybrid inclusions,” in , Dec 2018, pp. 759–764.[15] C. Baier and J.-P. Katoen,
Principles of model checking , 2008.[16] R. Alur, T. A. Henzinger, G. Lafferriere, and G. J. Pappas, “Discreteabstractions of hybrid systems,”
Proceedings of the IEEE , vol. 88, no. 7,pp. 971–984, July 2000.[17] C. Belta and L. C. G. J. M. Habets, “Controlling a class of nonlin-ear systems on rectangles,”
IEEE Transactions on Automatic Control ,vol. 51, no. 11, pp. 1749–1759, Nov 2006.[18] M. Kloetzer and C. Belta, “A fully automated framework for control oflinear systems from temporal logic specifications,”
IEEE Transactionson Automatic Control , vol. 53, no. 1, pp. 287–297, Feb 2008.[19] T. Wongpiromsarn, U. Topcu, and R. M. Murray, “Receding horizontemporal logic planning,”
IEEE Transactions on Automatic Control ,vol. 57, no. 11, pp. 2817–2830, Nov 2012.[20] A. Bhatia, M. R. Maly, L. E. Kavraki, and M. Y. Vardi, “Motion planningwith complex goals,”
IEEE Robotics Automation Magazine , vol. 18,no. 3, pp. 55–64, Sep. 2011.[21] G. E. Fainekos, A. Girard, H. Kress-Gazit, and G. J. Pappas, “Temporallogic motion planning for dynamic robots,”
Automatica , vol. 45, no. 2,pp. 343–352, 2009.[22] L. Lindemann and D. V. Dimarogonas, “Control barrier functions forsignal temporal logic tasks,”
IEEE control systems letters , vol. 3, no. 1,pp. 96–101, 2019.[23] L. Lindemann and D. V. Dimarogonas, “Decentralized control barrierfunctions for coupled multi-agent systems under signal temporal logictasks,” in , June 2019,pp. 89–94.[24] V. Raman, A. Donz´e, M. Maasoumy, R. M. Murray, A. Sangiovanni-Vincentelli, and S. A. Seshia, “Model predictive control with signaltemporal logic specifications,” in , Dec 2014, pp. 81–87.[25] C. Belta and S. Sadraddini, “Formal methods for control synthesis:An optimization perspective,”
Annual Review of Control, Robotics, andAutonomous Systems , 2019.[26] Z. Liu, B. Wu, J. Dai, and H. Lin, “Distributed communication-aware motion planning for multi-agent systems from stl and spatelspecifications,” in , Dec 2017, pp. 4452–4457.[27] S. S. Farahani, R. Majumdar, V. S. Prabhu, and S. E. Z. Soudjani,“Shrinking horizon model predictive control with chance-constrainedsignal temporal logic specifications,” in , May 2017, pp. 1740–1746.[28] D. Aksaray, A. Jones, Z. Kong, M. Schwager, and C. Belta, “Q-learningfor robust satisfaction of signal temporal logic specifications,” in , Dec 2016, pp.6565–6570.[29] D. Muniraj, K. G. Vamvoudakis, and M. Farhood, “Enforcing signaltemporal logic specifications in multi-agent adversarial environments: Adeep q-learning approach,” in . IEEE, 2018, pp. 4141–4146.[30] P. V´arnai and D. V. Dimarogonas, “Prescribed performance controlguided policy improvement for satisfying signal temporal logictasks,”
CoRR , vol. abs/1903.04340, 2019. [Online]. Available: http://arxiv.org/abs/1903.04340[31] L. Lindemann and D. V. Dimarogonas, “Decentralized robust control ofcoupled multi-agent systems under local signal temporal logic tasks,” in . IEEE, 2018, pp.1567–1573.[32] Y. V. Pant, H. Abbas, R. A. Quaye, and R. Mangharam, “Fly-by-logic:Control of multi-drone fleets with temporal logic objectives,” in , April 2018, pp. 186–197. [33] Q. Nguyen and K. Sreenath, “Exponential control barrier functionsfor enforcing high relative-degree safety-critical constraints,” in , July 2016, pp. 322–328.[34] W. Xiao and C. Belta, “Control barrier functions for systems with highrelative degree,” 2019.[35] G. Notomista, S. Mayya, S. Hutchinson, and M. Egerstedt, “An optimaltask allocation strategy for heterogeneous multi-robot systems,” arXivpreprint arXiv:1903.08641 , 2019.[36] H. K. Khalil,
Nonlinear systems , vol. 3.[37] Meng Guo, K. H. Johansson, and D. V. Dimarogonas, “Revising motionplanning under linear temporal logic specifications in partially knownworkspaces,” in , May 2013, pp. 5025–5032.[38] E. M. Wolff, U. Topcu, and R. M. Murray, “Efficient reactive controllersynthesis for a fragment of linear temporal logic,” in , May 2013, pp.5033–5040.[39] H. Kress-Gazit, G. E. Fainekos, and G. J. Pappas, “Temporal-logic-basedreactive mission and motion planning,”
IEEE Transactions on Robotics ,vol. 25, no. 6, pp. 1370–1381, Dec 2009.[40] T. Wongpiromsarn, U. Topcu, and A. Lamperski, “Automata theorymeets barrier certificates: Temporal logic verification of nonlinear sys-tems,”
IEEE Transactions on Automatic Control , vol. 61, no. 11, pp.3344–3355, 2016.[41] A. D. Ames, X. Xu, J. W. Grizzle, and P. Tabuada, “Control barrierfunction based quadratic programs for safety critical systems,”
IEEETransactions on Automatic Control , vol. 62, no. 8, pp. 3861–3876, Aug2017.[42] D. Pickem, P. Glotfelter, L. Wang, M. Mote, A. Ames, E. Feron, andM. Egerstedt, “The robotarium: A remotely accessible swarm roboticsresearch testbed,” in , May 2017, pp. 1699–1706.[43] P. Glotfelter, I. Buckley, and M. Egerstedt, “Hybrid nonsmooth barrierfunctions with applications to provably safe and composable collisionavoidance for robotic systems,”
IEEE Robotics and Automation Letters ,vol. 4, no. 2, pp. 1303–1310, April 2019.[44] R. Olfati-Saber, “Near-identity diffeomorphisms and exponential ε -tracking and ε -stabilization of first-order nonholonomic SE(2) vehicles,”in Proceedings of the 2002 American Control Conference (IEEE Cat.No.CH37301) , vol. 6, May 2002, pp. 4690–4695 vol.6.
Mohit Srinivasan is currently pursuing his PhD de-gree in Electrical and Computer Engineering (ECE)from Georgia Institute of Technology, Atlanta, Geor-gia, USA. He earned his Master of Science inElectrical and Computer Engineering from Geor-gia Tech and Bachelor of Technology in ElectrialEngineering from Veermata Jijabai TechnologicalInstitute (V.J.T.I), Mumbai, India. He was previouslya research intern at Landis+Gyr, Atlanta. His re-search interests are primarily in multi-agent systems,control theory, and robotics.