Robust MultiRobot Optimal Path Planning with Temporal Logic Constraints
Abstract
In this paper we present a method for automatically planning robust optimal paths for a group of robots that satisfy a common high level mission specification. Each robot’s motion in the environment is modeled as a weighted transition system, and the mission is given as a Linear Temporal Logic (LTL) formula over a set of propositions satisfied by the regions of the environment. In addition, an optimizing proposition must repeatedly be satisfied. The goal is to minimize the maximum time between satisfying instances of the optimizing proposition while ensuring that the LTL formula is satisfied even with uncertainty in the robots’ traveling times. We characterize a class of LTL formulas that are robust to robot timing errors, for which we generate optimal paths if no timing errors are present, and we present bounds on the deviation from the optimal values in the presence of errors. We implement and experimentally evaluate our method considering a persistent monitoring task in a road network environment.
1Introduction
The classic motion planning problem considers missions where a robot must reach a goal state from an initial state while avoiding obstacles. Temporal logics, on the other hand, provide a powerful highlevel language for specifying complex missions for groups of robots [1]. Their power lies in the wealth of tools from model checking [6], which can be leveraged to generate robot paths satisfying desired mission specifications. Alternatively, if the mission cannot be satisfied, the tools can be used produce a certificate, or counterexample, which proves that the mission is not possible. However, in robotics the goal is typically to plan paths that not only complete a desired mission, but which do so in an optimal manner. In our earlier work [8] we considered Linear Temporal Logic (LTL) specifications, and a particular form of cost function, and provided a method for computing optimal robot paths for a single robot. We then extended this approach to multirobot problems by utilizing timed automata [9].
The main difficulty in moving from a single robot to multiple robots is in synchronizing the motion of the robots, or in allowing the robots to move asynchronously. In [10], the authors propose a method for decentralized motion of multiple robots by restricting the robots to take transitions (i.e.,travel along edges in the graph) synchronously. Once every robot has completed a transition, the robots can synchronously make the next transition. While such an approach is effective for satisfying the LTL formula, it does not lend itself to optimizing the robot motion, since robots must spend extra time for synchronization. In [9] we approached this problem by describing the motion of the group of robots in the environment as a timed automaton. This description allowed us to represent the relative position between robots. Such information is necessary for optimizing the robot motion. After providing a bisimulation [11] of the infinitedimensional timed automaton to a finite dimensional transition system we were able to apply our results from [8] to compute an optimal run.
However, enabling the asynchronous motion of robots introduces issues in the robustness, and thus implementability of the multirobot paths. Timedautomata rely heavily on the assumption that the clocks (or for robots, the speeds), are known exactly. If the clocks drift by even an infinitesimally small amount, then the reachability analysis developed for timedautomata is no longer correct [12]. The intuition behind this is that if the robot speeds are not exactly equal to those used for planning, then two robots can complete tasks in a different order than was specified in the plan. This switch in the order of events may result in the violation of the global mission specification.
In this paper, we address this issue by characterizing a class of LTL formulas that are robust to such timing errors. For simplicity of presentation, we assume that each robot moves among the vertices of an environment modeled as a graph. However, by using feedback controllers for facet reachability in polytopes [14] the method developed in this paper can be extended to robots with continuous dynamics traversing an environment with polytopic partitions. The characterization relies on the concept of traceclosedness of languages, which was first applied in multirobot planning in [15]. For these languages, we can guarantee that any deviation from the planned order of events due to uncertainties in the speeds of robots will not result in the violation of the global specification.
The contribution of this paper is to present a method for generating paths for a group of robots satisfying general LTL formulas, which are robust to uncertainties in the speeds of robots, and which perform within a known bound of the optimal value. We focus on minimizing a cost function that captures the maximum time between satisfying instances of an optimizing proposition. The cost is motivated by problems in persistent monitoring and in pickup and delivery problems. Our solution relies on using the concept of traceclosedness to characterize the class of LTL formulas for which a robust solution exists. For formulas in this class, we utilize a similar method as in [9] to generate robot plans. We then propose periodic synchronization of the robots to optimize the cost function in the presence of timing errors. We provide results from an implementation on a robotic testbed, which shows the utility of the approach in practice.
The organization of the paper is as follows. In Section ?, we give some preliminaries in formal methods and traceclosed languages. In Section ?, we formally state the motion planning problem for a team of robots, and we present our solution in Section ?. In Section ?, we present a hardware implementation for a team of robots performing persistent data gathering missions in a road network environment. Finally, in Section ?, we conclude with final remarks.
2Preliminaries
For a set , we use , , , and to denote its cardinality, power set, set of finite words, and set of infinite words, respectively. Moreover, we define and denote the empty string by .
We define a run of as an infinite sequence of states such that , and for all . A run generates an infinite word where is the set of atomic propositions satisfied at state .
LTL formulas are interpreted over infinite words (generated by the transition system from Def. ?). Informally, states that at the next position of a word, proposition is true. The formula states that there is a future position of the word when proposition is true, and proposition is true at least until is true. From these temporal operators we can construct two other temporal operators: Eventually (i.e., future), defined as , and Always (i.e., globally), , defined as . The formula states that is true at all positions of the word; the formula states that eventually becomes true in the word. More expressivity can be achieved by combining the temporal and Boolean operators. We say a run satisfies if and only if the word generated by satisfies .
A run of over an input word is a sequence , such that , and , for all . A Büchi automaton accepts a word over if and only if at least one of the corresponding runs intersects with infinitely many times. For any LTL formula over a set , one can construct a Büchi automaton with input alphabet accepting all and only words over that satisfy .
3Problem Formulation and Approach
In this section we introduce the multirobot path planning problem with temporal constraints, and we motivate the need for solutions that are robust to uncertain robot speeds.
3.1Environment Model and Initial Formulation
Let
be a graph, where is the set of vertices and is the set of edges. In this paper, is the quotient graph of a partitioned environment, where is a set of labels for the regions in the partition and is the corresponding adjacency relation. For example, can be a set of labels for the roads, intersections, and buildings in an urbanlike environment and gives their connections (see Figure 4).
Consider a team of robots moving in an environment modeled by . The motion capabilities of robot are represented by a TS , where ; is the initial vertex of robot ; is a relation modeling the capability of robot to move among the vertices; is the subset of propositions assigned to the environment that can be satisfied by robot such that is a distribution of ; is a mapping from to showing how the propositions are satisfied at vertices; captures the time for robot to go from vertex to , which we assume to be an integer. In this robotic model, robot travels along the edges of , and spends zero time on the vertices. We assume that the robots are equipped with motion primitives which allow them to move from to for each .
In our previous work [9] we considered the case where there is an atomic proposition , called the optimizing proposition, and a multirobot task specified by an LTL formula of the form
where can be any LTL formula over , and specifies that proposition must be satisfied infinitely often. As an example, in a persistent data gathering task, may be assigned to regions where data is uploaded, i.e.,, while can be used to specify rules (such as traffic rules) that must be obeyed at all times during the task [8].
Our goal in [9] was to plan multirobot paths that satisfy and minimize the maximum time between satisfying instances of . In data gathering, this corresponds to minimizing the maximum time between data uploads. To state this problem formally, we assume that each run of (robot ) starts at and generates a word and a corresponding sequence of time instances such that the symbol is satisfied at time . Note that, as robots spend zero time on the vertices, each has a unique which is the instant when robot visits the corresponding vertex. To define the behavior of the team as a whole, we consider the sequences as sets and take the union and order this set in ascending order to obtain . Then, we define to be the word generated by the team of robots where the symbol is the union of all propositions satisfied at time . Finally, we define the infinite sequence where stands for the time instance when the optimizing proposition is satisfied for the time by the team. Thus, the problem is that of synthesizing individual optimal runs for a team of robots so that satisfies and minimizes
Since we consider LTL formulas containing , this optimization problem is always wellposed.
3.2Robustness and Optimality in the Field
In this paper, we are interested in the implementability of our previous approach in the case where our model is not exact in the weights of transitions. Particularly, we consider the case where the actual value of that is observed during deployment, denoted by , is a nondeterministic quantity that lies in the interval where is the deviation value of robot which is assumed to be known a priori. In the following, we use the expression “in the field” to refer to the model with uncertain traveling times, and use and to denote the planned and actual values of some variable .
The question becomes, if we use the runs generated from our previous approach in the field, will the formula still be satisfied? Given the word that characterizes the planned run of the robotic team and the distribution , the actual word generated by the robotic team during its infinite asynchronous run in the field will be one of the trace equivalents of , i.e., due to the uncertainties in the traveling times of the robots. This leads to the definition of critical words.
Thus, we see that if the planned word is critical, then we may not satisfy the specification in the field. This can be formalized by noting that the optimal runs that satisfy are always in a prefixsuffix form [16], where the suffix cycle is repeated infinitely often. Using this observation and Def. ? we can formally define the words that can violate the LTL formula during the deployment of the robotic team.
We denote the actual word generated by the robotic team in the field by whereas stands for the planned word. Suppose that for each robot , and in the suffix cycle we have and generated by robots and at positions and that must not be swapped, because if they do violates . Note that we are guaranteed to find such symbols as we assume the suffix cycle to be a critical word. In the worstcase, for the symbols to swap, we must have . Solving for , we get . However, as the suffix is an infinite repetition of the suffix cycle, and is violated for any .
In addition, we can consider the performance of the team during deployment in terms of the value of the cost function observed in the field. Using the same arguments presented in Prop. ? it can be easily show that, the worstcase field value of will be the minimum of where is the maximum duration between any two successive satisfactions of by robot i in the field. This effectively means that there is no benefit in executing the task with multiple robots, as at some point in the future the overall performance of the team will be limited by that of a single member.
3.3Robust Problem Formulation
To characterize the field performance of the robotic team and to limit the deviation from the optimal run during deployment, we propose to use a synchronization protocol where robots can synchronize with each other only when they are at the vertices of the environment. We assume that there is an atomic proposition , called the synchronizing proposition, and we consider multirobot tasks specified using LTL formulas of the form
where can be any LTL formula over , is the optimizing proposition and is the special synchronizing proposition that is satisfied only when all members of the robotic team occupy vertices at the same time. We can now formulate the problem.
Note that the runs produced by a solution to Prob. ? are guaranteed not to violate even if there is a mismatch between the weights used for the solution of the problem and the actual traveling times observed in the field. Since observed in the field is likely to be suboptimal, we will also seek to bound the deviation from optimality in the field.
3.4Solution Outline
In [9], we showed that the joint behavior of a robotic team can be captured by a region automaton. A region automaton, as defined next, is a finite dimensional transition system that captures the relative positions of the members of the robotic team. This information is then used for computing optimal trajectories.
Our solution to Problem ? can be outlined as follows:
We check if the LTL formula is traceclosed guaranteeing that it will not be violated in the field (See Sec. ?);
We prepare the serialized region automaton of the robotic team with synchronization points by modifying the output of our earlier algorithm ObtainRegionAutomaton [9] (See Sec. ?);
We find optimal runs on individual using the OptimalRun algorithm we previously developed in [16] and use a synchronization protocol to calculate an upper bound on the cost function for given deviation values to obtain the solution to Prob. ? (See Sec. ?).
4Problem Solution
In this section, we explain each step of the solution to Prob. ? in detail. In the following, we use a simple example to illustrate ideas as we develop the theory for the general case. We present an experimental evaluation of our approach considering a more realistic scenario in Sec. ?.
4.1TraceClosedness of the Original Formula
Prop. ? shows how traceclosedness of guarantees correctness in the field. In the following, we say an LTL formula is traceclosed if the language of the corresponding Büchi automaton is traceclosed in the sense of Def. ?.
From Defs. ? and ?, we know that if we can find a run that satisfies a traceclosed LTL formula, then the word produced by the run will not be a critical word. Since is not a critical word, such that . Thus, regardless of the values of the robots, will not be violated in the field due to robot timing errors as any will also be in .
Thus, in order to guarantee correctness in the field, we first check that is traceclosed using an algorithm adapted from [17]. However, as traceclosedness is not welldefined for words over , we construct a Büchi automaton whose language is over the set .
After checking that is traceclosed, we proceed by obtaining the serialized region automaton with synchronization points where the proposition is satisfied.
4.2Obtaining the Serialized Region Automaton with Synchronization Points
If is a traceclosed formula, we obtain the region automaton that captures the joint behavior of the robotic team using ObtainRegionAutomaton [9]. Next, using Alg. ?, we first introduce synchronization states by adding the special proposition to the states where all robots occupy some vertex in their TS’s simultaneously, i.e.,states with . Note that, these are the states that will be used to calculate a bound on optimality when the robots are deployed in the field. We then expand the states where multiple propositions are satisfied simultaneously to obtain where at most one proposition is satisfied at each state. This ensures that languages of both the Büchi automaton that corresponds to and are over .

4.3Finding the Robust Optimal Run and the Optimality Bound
After obtaining the serialized region automaton , we find an optimal run on that minimizes the cost function using our earlier OptimalRun algorithm [16]. The optimal run is always in a prefixsuffix form (Def. ?). Furthermore, as satisfies , it has at least one synchronization point in its suffix cycle, which we assume to start with a synchronization point.
In [9] we show that the individual runs obtained by the projection in Def. ? are equivalent to the region automaton run in the sense that they produce the same word . Using Def. ?, we project the optimal run to individual s to obtain the set of optimal individual runs . As the robots execute their infinite runs in the field, they synchronize with each other at the synchronization point following the protocol given in Alg. ? ensuring that they start each new suffix cycle in a synchronized way. Using this protocol, we can define a bound on optimality, i.e.,the value of the cost function observed in the field, as given in the following proposition.
In the following, we take the suffix to begin at a synchronization point. The suffix consists of an infinite number of repetitions of the suffix cycle, which we denote . Let be the planned duration of , let be the number of optimizing propositions satisfied in . Let us redefine to be the time when the suffix starts, and let be a sequence of length recording the times that the optimizing proposition is satisfied on the first repetition of . Note that, as we consider infinite runs and as the process restarts itself at the beginning of each by means of the synchronization protocol given in Alg. ?, we only need to consider the first repetition of . We first define
where, and are the earliest and latest times that the th optimizing proposition can be satisfied, respectively. The value is the latest time that the second repetition of can begin. Then, for , the worstcase time between satisfying the th optimizing proposition and the th optimizing proposition is
Next, in the planned paths, multiple robots may simultaneously satisfy the th optimizing proposition. In the field, these satisfactions will not occur simultaneously. The maximum amount of time between the first and last of these satisfying instances for the th proposition, for , is
Finally, using and we obtain the upper bound on the value of the cost function that will be observed during deployment as
Substituting the definitions for , , and into we obtain
But, we have that , and . In addition, and for all . Using these expressions we obtain
Similarly, we get
and thus .

We finally summarize our approach in Alg. ?, show that this algorithm indeed gives a solution to Prob. ? and analyze the overall complexity of our approach.
Note that Alg. ? combines all steps outlined in this section. The planned word generated by the entire team satisfies and minimizes , as shown in [9]. Furthermore, since is traceclosed, the optimal satisfying run is guaranteed not to violate in the field due to timing errors as given in Prop. ?. Therefore, as obtained from Alg. ? is the solution to Prob. ?.
From [9], the number of states of the region automaton is bounded by
where is number of robots and is largest edge weight in TS of robot . Then, for the above mentioned case, the worstcase size of the region automaton is . In [8], the authors give the worstcase complexity of the OptimalRun algorithm as where is the number of states of the input transition system and is the length of the LTL specification. Therefore, the worstcase complexity of Alg. ? becomes .
5Implementation and Case Studies
We implemented Alg. ? in objectiveC as the software package LTL Robust Optimal Multirobot Planner (LROMP) and used it in conjunction with our earlier OptimalRun [16] algorithm to obtain robust and optimal trajectories for robots performing persistent data gathering missions in a road network environment. The software package, available at http://hyness.bu.edu/Software.html, utilizes the dot tool [18] to visualize transition systems and the OptimalRun algorithm uses the LTL2BA software [19] to convert LTL specifications to Büchi automata. Following the steps detailed in Sec. ?, the software first creates the serialized region automaton with synchronization states using s defined by the user and exports an Mfile which defines in Matlab. Next, is checked for traceclosedness, after which OptimalRun algorithm is executed in Matlab to find the optimal run on . Finally, an upper bound on the field value of the cost function is computed and is projected to individual , , to obtain the solution to Prob. ?.
Figure 4 illustrates our experimental platform, which is a road network consisting of roads, intersections, and task locations. The figure also shows the transition system that models the motion of the robots on this road network where 1 time unit corresponds to 3 seconds. In the following, the transition systems are identical except for their initial states and the sets of propositions that can be satisfied at states.
In our experiments, we consider a persistent monitoring task where two robots with deviation values of , repeatedly gather and upload data and the maximum time in between any two data uploads must be minimized. We require robots 1 and 2 to gather data at 7 and 8 in Figure 4, respectively and upload the data at 9. We define and assign the atomic propositions as
where is set as the optimizing proposition ( as in formula ) due to the task specification. Next, we forbid data uploads unless robots have something to upload using the LTL formula
Our overall LTL formula in the form of is
Running our algorithms on an iMac i5 quadcore computer, we obtain the robust optimal trajectory as illustrated in Figure 5. The algorithm ran for 35 minutes, and the region automaton had 5224 states. The value of the cost function was 19 time units (57 seconds) with an upperbound of 27.55 time units (82.65 seconds), meaning that the maximum time in between data uploads would be less than 82.65 seconds in the field. This result was experimentally verified in our robotic testbed and the maximum time in between data uploads was measured to be 64 seconds (21.3 time units) during a run of 13 minutes. In order to confirm and demonstrate the effectiveness of our approach, we executed the same trajectory without any synchronization. After approximately 6.5 minutes, the maximum time in between data uploads was measured to be 92 seconds (30.7 time units), much worse than what is provided by our approach. Our video submission accompanying the paper displays the robot trajectories for both cases.
It is interesting to note that, in the optimal solution the second robot spends extra time spinning between states and (Figs. ?, Figure 5). This behavior is actually timewise optimal as it decreases the maximum time between successive satisfying instances of the optimizing proposition.
6Conclusions
In this paper we presented and experimentally evaluated a method for planning robust optimal trajectories for a team of robots that satisfy a common temporal logic mission specification. Our method is robust to uncertainties in the traveling times of each robot, and thus has practical value in applications where multiple robots must perform a series of tasks collectively in a common environment. We considered traceclosed temporal logic formulas with optimizing and synchronizing propositions that must be repeatedly satisfied. In the absence of timing errors, the motion plan delivered by our method is optimal in the sense that it minimizes the maximum time between satisfying instances of the optimizing proposition. If the traveling times observed in the field deviate from those given by the transition systems of the robots, our method guarantees that the mission specification is never violated and provides an upper bound on the ratio between the performance in the field and the optimal performance.
Acknowledgments
We thank Jennifer Marx at Boston University for her work on the experimental platform.
References
 S. G. Loizou and K. J. Kyriakopoulos, “Automatic synthesis of multiagent motion tasks based on LTL specifications,” in IEEE Conf. on Decision and Control, Paradise Island, Bahamas, 2004, pp. 153–158.
 H. KressGazit, G. E. Fainekos, and G. J. Pappas, “Temporal logicbased reactive mission and motion planning,” IEEE Transactions on Robotics, vol. 25, no. 6, pp. 1370–1381, 2009.
 T. Wongpiromsarn, U. Topcu, and R. M. Murray, “Receding horizon control for temporal logic specifications,” in Hybrid systems: Computation and Control, Stockholm, Sweden, 2010, pp. 101–110.
 A. Bhatia, L. E. Kavraki, and M. Y. Vardi, “Motion planning with hybrid dynamics and temporal goals,” in IEEE Conf. on Decision and Control, 2010, pp. 1108–1115.
 L. Bobadilla, O. Sanchez, J. Czarnowski, K. Gossman, and S. LaValle, “Controlling wild bodies using linear temporal logic,” in Proceedings of Robotics: Science and Systems, Los Angeles, CA, USA, June 2011.
 M. Y. Vardi and P. Wolper, “An automatatheoretic approach to automatic program verification,” in Logic in Computer Science, 1986, pp. 322–331.
 G. Holzmann, “The model checker SPIN,” IEEE Transactions on Software Engineering, vol. 25, no. 5, pp. 279–295, 1997.
 S. L. Smith, J. Tmová, C. Belta, and D. Rus, “Optimal path planning for surveillance with temporal logic constraints,” International Journal of Robotics Research, vol. 30, pp. 1695–1708, Dec. 2011.
 A. Ulusoy, S. L. Smith, X. C. Ding, C. Belta, and D. Rus, “Optimal path planning for surveillance with temporal logic constraints,” pp. 3087–3092, Sep. 2011.
 M. Kloetzer and C. Belta, “Automatic deployment of distributed teams of robots from temporal logic specifications,” IEEE Transactions on Robotics, vol. 26, no. 1, pp. 48–61, 2010.
 R. Milner, Communication and concurrency.1em plus 0.5em minus 0.4emPrenticeHall, 1989.
 A. Puri, “An undecidable problem for timed automata,” Discrete Event Dynamic Systems, vol. 9, no. 2, pp. 135–146, 2000.
 ——, “Dynamical properties of timed automata,” Discrete Event Dynamic Systems, vol. 10, no. 12, pp. 87–113, 2000.
 L. C. G. J. M. Habets and J. H. van Schuppen, “A control problem for affine dynamical systems on a fulldimensional polytope,” Automatica, vol. 40, pp. 21–35, 2004.
 Y. Chen, X. C. Ding, and C. Belta, “A formal approach to the deployment of distributed robotic teams,” IEEE Transactions on Robotics, 2011, to appear.
 S. L. Smith, J. Tmová, C. Belta, and D. Rus, “Optimal path planning under temporal logic constraints,” in IEEE/RSJ Int. Conf. on Intelligent Robots & Systems, Taipei, Taiwan, Oct. 2010, pp. 3288–3293.
 D. Peled, T. Wilke, and P. Wolper, “An algorithmic approach for checking closure properties of temporal logic specifications and omegaregular languages,” Theor. Comput. Sci., vol. 195, no. 2, pp. 183–203, 1998.
 “Graphviz  graph visualization software,” http://www.graphviz.org/.
 “LTL2BA,” http://www.lsv.enscachan.fr/ gastin/ltl2ba/index.php.