Ana Cavalcanti is a professor at the University of York, working in the Department of Computer Science. Professor Cavalcanti holds a chair in emerging technologies from the Royal Academy of Engineering.
Cavalcanti is also the director of RoboStar, a centre of excellence dedicated to research and technology transfer in software engineering for robotics. The research and development work covers various aspects of model-based software engineering, including modelling, simulation, testing, and verification. The group leads on the design and verification of control software, catering for physical models of the platform and scenarios, environment assumptions, and human behaviour.
RoboStar is one of the largest research groups in the world, bringing a diverse membership of robotics researchers under a single umbrella. Its membership comprises UK researchers from the universities of York, Sheffield, King’s College, and Thales, as well as researchers from around the world, including Brazil, Denmark, France, Germany, and Norway.
At the London Labs Live event in March, Professor Ana Cavalcanti will participate in a panel discussion entitled “Design and verification of safe and reliable lab robots.” The panel will discuss the role of robots in the laboratory and how organisations can take advantage of robotics advances while ensuring safety and reliability.
Can you tell us about yourself and your role at the University of York?
Cavalcanti: The mandate of the Chair in Emerging Technologies was to create a centre of excellence, so I teamed up with a multidisciplinary team to do so. I am now the Director of RoboStar, a centre of excellence in software engineering for robotics.
We all share a vision: to develop an end-to-end approach to designing and verifying mobile and autonomous robots. In terms of your interest in lab automation, RoboStar York is part of the community here at the University of York that is centred around our Institute for Safe Autonomy. We have a CDT, a Centre for Doctoral Training in the area of Autonomous Robotic Systems called ALBERT—Autonomous Robotic Systems for Laboratory Experiments.
What does end-to-end mean in the context of robot design?
Cavalcanti: It's an end-to-end process for designing and verifying robots. What I mean by end-to-end is a significant enrichment of the current practice, which is code-centric. This is a generalisation. I'm always cautious about that, but the state of practice is, by far and large, that colleagues who want to develop a new robot start by writing code. Programming should be the last stage of the software engineering process.
The RoboStar vision focuses on being model-centric. We will start developing a system by writing models. In an end-to-end approach, RoboStar provides support to describe and validate these models, just like a civil engineer would write a CAD model and then do some checks. We would do the same thing. We write the models and then check: is this system going to deadlock? Is this system going to have any undesirable properties? We can do that even before the system is built, just as civil engineers do, but we don't stop there. That's the start of the design.
From those models, we want to derive value. Our vision is that we want a world where writing code is something of the past. You write the models. You get the code for simulation, and you get the same code for deployment. That's important because, from an engineering point of view, when you use one code or model for simulation and then a different piece of code when you come to deploy the robot, then have the possibility of introducing errors. You want to eliminate that. We also want to generate tests automatically. End-to-end means that RoboStar’s technology covers the work from the modelling stage to the deployment stage.
What are the main challenges to developing autonomous lab robots?
Cavalcanti: We are tackling this challenge on a very broad spectrum. It's a multidisciplinary problem with challenges in all areas. The first is to understand what is adequate for the humans in the lab. What do they need and want? These things are different.
We start by considering the human aspect and how humans can effectively interact with robots. Regarding the development of the robots, there are challenges associated with the software and the hardware. For the hardware, some exciting pieces of work are taking place in ALBERT related to providing the robots with the ability to manipulate very fragile equipment and sensitive materials. This must be done so that we can ensure that they will not cause a problem by spilling materials or potentially interfering with an experiment that may have consequences when dealing with dangerous chemicals, for example.
Software engineering is key to the design of trustworthy mobile and autonomous robots. RoboStar is developing technology to put software engineering on the same standing as traditional engineering disciplines, where models, supported by tools and mathematical foundations, drive the whole production process: simulation, testing, deployment, and provision of evidence of quality.
How do you control the robots? This comes largely from software components. How do you develop the applications? The challenge is not only to write the code but also to provide the evidence that we can rely on that code. There will be sociological issues, business issues, and ethical issues. Robotics is a multidisciplinary field, and introducing autonomous robots into our society is a multidisciplinary issue.
What are the techniques for verifying robots, particularly in the laboratory?
Cavalcanti: We use three main techniques to verify the software used in robots. The techniques have different purposes. In general terms, you can use testing, which can be done in two ways: testing in simulation, where you have complete control over the control and observability of the system because everything is in software, and you can interfere here and there to capture the information you need – that's verification by simulation; the next is verification by testing the deployed robot. In that case, you want the tests we run in simulation to be converted to tests you run in deployment.
There is another very exciting way of doing the verification. With these models, we can automatically generate mathematical descriptions of them. With those mathematical descriptions, you can generate the tests, generate the code, and carry out mathematical proof. It's abstract, but I always go back to the CAD models so people can understand what's going on.
An engineer can prove that the water output in a particular tap is good enough for their building, based, for instance, on the dimensions of the pipes, the flow of water and so on. This can be done before the building exists. We have the same opportunity. In our models, we can describe how the software will be organised and orchestrated and how it will communicate, for example. We can prove, mathematically, that there is no deadlock. No deadlock means the robot will not freeze like our laptops sometimes do. A freeze may not always be a problem, but it can be. For example, if a robot goes down steps in a hospital and freezes, it may fall and hurt someone. We use these proofs to guarantee the expected behaviour. That's an exciting part of the RoboStar technology.
Is it possible to move to a process that only uses these mathematical proofs as verification?
Cavalcanti: No, I don't believe that. Especially in the domain of robotics and cyber-physical systems in general. The objective is not to remove the need for tests but to carry out proof to detect the problem earlier and give you stronger guarantees. Everything needs to be consistent.
Robot control software runs in a robot, which is a machine that will be subject to faults and wear and tear. The environment can be unpredictable. A robot will be moving in a lab, for example. (That's our vision: to have labs designed for humans and to have the robots working alongside humans.)
That is a highly complex environment. The robot cannot know when a human will pass in front of it, and it cannot know when the humans will move around the reagents or instruments for the experiment that the robot needs. It is very complex, and we must use our entire arsenal to solve those problems. And so it's not about removing the need for tests. It's about using the best techniques to deal with each of the problems at hand.
Does AI impact the work you are doing on the development of robotic systems?
Cavalcanti: Having AI components introduces new challenges. They are a black box, and, in terms of the work we want to do, the main challenge is determining the specifications. For safety, we take the view that it is not about the individual components. Safety is not a property of any single component of a system. It's a system-level property.
Our techniques accommodate the fact that you may have AI techniques implement some of the components. We can model those components, capture the mathematics characterising their behaviour, and use that at the system level to ensure properties.
I'm not saying it's a solved problem, not at all, because you need to work at the component level to make those system-level claims, and the technology for those components is very much in development at the moment. It is getting better every day, but it is a challenge. But, for us, the challenge is at the level of the systems, and we are tackling that in RoboStar in the context of a European project called RoboSapiens.
Ana Cavalcanti is a professor at the University of York, working in the Department of Computer Science. Professor Cavalcanti holds a chair in emerging technologies from the Royal Academy of Engineering.
