1. Introduction
In recent years, robots have been adopted in many operational areas that require high safety protocols (e.g., unmanned aerial vehicles (UAVs), surgery, and autonomous driving). Hence, the reliability and safety of robot development have become topics of considerable research interest [
1]. Although most robots operate in structured environments with extensive testing and parametric fail-safes, manual testing programs often do not consider all high-risk scenarios, which compounds the risk of unforeseen mishaps. Formal methods [
2,
3] are crucial for ensuring the reliable design and development of complex robot systems, including their safety measures and fail-safes. Accordingly, our purpose in this research is to introduce a formal method for robot safety verification.
Our focus is on the formal verification of robot rotary kinematics. As an application of kinematic geometry, rotary kinematics [
4] describes purely geometric problems (e.g., positions and orientations of robot motions). Thus, robot motion control [
5] relies on kinematic descriptions and can be validated mathematically. Our objective is to formally verify the rotary problems of robot kinematics using the Coq Proof Assistant [
6,
7].
In a robot system, links and manipulators are considered rigid bodies; hence, vector-matrix theory [
8,
9] can be used to establish a general description of their positions and movements with respect to a global coordinate system,
G. Robot manipulators can rotate and move around each other. Thus, the various robot components’ rigid-body coordinate systems (
,
, …,
) along each link are referred to in terms of the generalized local coordinate system,
B. Let
G be the global coordinate system;
represents the transformation of vector
r from
G to
B, and
represents the transformation of vector
r from
B to
G. Through
and
, we can globally define the positions between connecting rods and between the rods and environment.
Formal verification relies on mathematical modeling and deductive reasoning, and it is more rigorous and reliable than empirical and heuristic methods [
10,
11]. Thus, by formally verifying robot rotary kinematics, we hope to ensure the safety of robot controls and their algorithmic designs. In summary, we apply a formal mathematical method of proof to the detection of “correctness’’ in robot rotary kinematics. The formal framework of robot rotary kinematics is illustrated in
Figure 1. First, based on Matrix formalization, we formally define the matrix Frobenius norm, matrix trace, and matrix inner product, providing mathematical formal support for the formal verification of robot rotary kinematics. Then, we divide rotary motion into revolution and rotation, defining their formal representations. Based on this, we perform the formal verification of some common rotary problems, including the Euler angles and Rodriguez formula.
Our contributions can be summarized as follows. First, we expand the formal matrix library based on record type. Specifically, we add formal definitions and proofs of the matrix Frobenius norm, trace, and inner product using a verifiable mathematical process. We divide rotary motion into revolution and rotation, and formally verify the full system coordinate transformation. Moreover, we construct a rotation matrix of angles, which is conventionally used in engineering, to provide the formal definition and verification of Euler angles. Furthermore, we provide the formal definition and verification of the Rodriguez formula. Finally, we demonstrate the applicability of the proposed formal method through case analyses of robot rotary motion problems and demonstrate how to formally verify specific robot rotary problems.
The organization of the paper is as follows: In
Section 2, we discuss related works. In
Section 3, matrix formalization and rotary kinematics are briefly reviewed. In
Section 4, formal spatial geometry verification methods are presented. In
Section 5, we formally define “revolution” and “rotation” and verify their pertinent properties. In
Section 6 and
Section 7, we formally verify Euler angles and the Rodriguez Formula, respectively. In
Section 8, we provide case analyses and verify the correctness of their rotary kinematics. Finally, in
Section 9, we conclude and discuss future efforts.
2. Related Works
In the field of robot verification, many methods have been proposed in recent years. Ref. [
12] focused on the safety of physical human–robot collaboration and proposed a formal verification-based risk analysis method for detecting and modifying hazardous situations early in a model’s design. From a multidisciplinary perspective, ref. [
13] developed a two-step verification method by combining formal methods and schedulability analytics, which led to the design of a novel multi-resource locking mechanism for real-time robot services. A drone example was used to demonstrate the benefits of the above approach. Considering that camera pose estimation is a critical component of robot tasks, ref. [
14] attempted to formalize and validate the unique and general solutions of pose estimation algorithms using an interactive theorem prover. Some researchers have combined formal validation with a robot operating system (ROS). Based on the formalization of ROS architectural models and node behaviors in Electrum, a formal specification language based on first-order linear temporal logic, ref. [
15] integrated their proposed technique into the HAROS framework for the analysis and quality improvement of robotics software. Using a linear logic theorem prover, ref. [
16] presented a new technique to formally describe and verify robotic systems to meet the need for an easy-to-use framework for expressing and verifying robot systems in a ROS. In summary, many researchers have applied formal verification methods to various real-world robot applications.
In the industrial domain, ref. [
17] studied a representative safety-critical industrial paint robot system from ABB Inc. Through the transfer of hardware abstractions and verification results among tools, they formalized the convergence of a high-voltage system. To meet the demands of user-defined verification goals in robot manufacturing, a layer-based formal scheme was proposed by [
18] to support state-space comprehensive verifications.
In healthcare settings, ref. [
19] extended the application of formal methods to human modeling using hybrid automata formalism to capture the variability of human behaviors. This resulted in a user-friendly representation that used the Uppaal integrated tool environment for modeling, validation and verification of real-time systems to automatically generate and verify a formal model.
Notably, UAVs and autonomous vehicles are suitable for formal verification. In the context of a distributed UAV scenario representing urban air mobility, ref. [
20] constructively provided some insightful ideas to accelerate the development cycle of transforming formally verified models to robotic simulations. To navigate a UAV inside a safety corridor, ref. [
21] developed a genetic fuzzy system and demonstrated its adherence to behavior safety specifications. Considering the importance of the formal verification of robotics and autonomous vehicles, ref. [
22] developed a binary-search method to extend timed automata models of robotic specifications with dynamic priority schedulers and demonstrated scalability improvements in a real robot case.
Unlike the abovementioned studies, we focus specifically on rotary kinematics problems and use the Coq Proof Assistant [
23] to formally verify robot rotary kinematics.
6. Euler Angles
In a three-dimensional (3D) space, the orientation of any coordinate system can be represented by Euler angles. The global coordinate system is assumed to be stationary, whereas the local coordinate system rotates with the rigid body. Euler angles are described by three independent parameters that determine the position of a fixed-point rotating rigid body through its precession, nutation, and rotation angles.
Figure 5 shows the geometric representation of the Euler angles in space, where
X,
Y, and
Z are the axes of the global coordinate system, and
x,
y, and
z are the axes of the local coordinate system. Additionally,
N is the intersection line of
and
.
There is no consensus on the convention for Euler angles in different fields. Hence, their use requires specifying one. In this paper, we formally define and verify commonly used Euler angle conventions.
6.1. Euler Angles per the Convention
The angles obtained from the
convention are also called “Tait—Bryan’’ angles, and they often appear in engineering applications to describe the direction of mobile vehicles or missiles. The three angles reflect the roll about the rotation of the airframe axis, the pitch describing the rotation perpendicular to the airframe axis, and the yaw describing the rotation of the vertical axis. In
Figure 6, the rotations around the
x,
y, and
z axes are called “roll” (
), “pitch” (
), and “yaw” (
), respectively.
Based on Formula (
15), the roll–pitch–yaw rotation matrix is given by Formula (
13):
According to the physical meaning of roll, pitch, and yaw, we provide the following formal definition:
Next, we prove the equivalence of in so that the roll–pitch–yaw sequence can be transformed into a rotation matrix.
Lemma 13. Formal verification of Formula (13). 6.2. Euler Angles per the Convention
Using the
convention, precession is the rotation around the
z axis, nutation is the rotation around the
x axis, and spin is another rotation around the
z axis. Its rotation matrix is given by Formula (14), where
is the precession angle,
is the nutation angle, and
is the rotation angle:
Our formal proof of the rotation matrix reflecting Euler angles is as follows:
Lemma 14. Formal verification of Formula (14). Based on precession angle
, nutation angle
, and rotation angle
, we can calculate the overall rotation matrix according to
. Given a rotation matrix, we can recover the Euler angles. For example, Formula (15) describes the solution for precession angle
from a rotation matrix:
We formally verify the precession angle solution as follows, where
–
represent the verification of
in the first–fourth quadrants, respectively.
Lemma 15. In the domain of definition , . Lemma 16. In the domain of definition , . Lemma 17. In the domain of definition , . Lemma 18. In the domain of definition , . Formula (16) describes the solution for nutation angle
, given a rotation matrix:
Then, the formal verification of the nutation angle solution is expressed as
Lemma 19. In the domain of definition , . Lemma 20. In the domain of definition , . Finally, Formula (17) describes the solution for rotation angle
, given a rotation matrix:
Accordingly, the formal verification of the rotation angle solution is as follows:
Lemma 21. In the domain of definition , . Lemma 22. In the domain of definition , . Lemma 23. In the domain of definition , . Lemma 24. In the domain of definition , . 7. Rodriguez Formula
For a rigid body with fixed point O, a revolution by angle, , around in G can be decomposed into revolutions around three specific non-coplanar axes. On the contrary, after a rigid body rotates for a finite number of times, its revolution effect is equivalent to a specific revolution around a specific axis. The Rodriguez formula is a simple and effective way to describe such revolutions.
7.1. Proof of the Existence of the Rodriguez Formula
Let
be a line passing through origin
O in
G and the rigid body that rotates by angle
around
. We denote the direction vector of
as
u. The revolution of the rigid body around
u is equivalent to the following process: (1) Rotate one axis in
B to coincide with
u; (2)
B rotates
around
u; (3)
B performs a revolution inverse to that in Step 1. We rotate the
z axis in
B to coincide with
u, as shown in
Figure 7.
In
Figure 7, the rigid body first rotates by angle
around the
z axis and then by angle
around the
y axis, such that the
z axis coincides with
u. Then, it rotates by angle
around the
z axis and finally rotates in the reverse sequence. The corresponding revolution is shown in Formula (18), where
is the revolution matrix of
:
With this corollary, we can assume that the z axis coincides with u after two rotations. We use a formalization to verify this assumption.
Lemma 25. There are angles φ and ϑ such that direction vector of the z axis coincides with u in G after two rotations. According to Formula (18), we assume the equivalence of
and solve the matrix form of
under constraints:
Lemma 26. Formal verification of Formula (18) 7.2. Formal Definition of the Rodriguez Formula
In
, we proved that for any revolution axis,
u, passing through the origin, it is always possible to match the
u and
z axes after two rotations. In
, we verified the equivalent form of revolution matrix
under constraints. Using
, the Rodriguez formula can be deduced as shown in Formula (19) for direction vector
u:
Generally, for any non-zero vector, , its direction vector is .
According to Formula (19), we formally define the Rodriguez formula as
. In the definition of
,
represents the revolution angle, and
represents any non-zero revolution axis:
7.3. Equivalence between the Rodriguez Formula and a Revolution around
The Rodriguez formula applies to a rigid body rotating around , a vector in G. When coincides with the X axis (Y or Z axes), is equivalent to revolution matrix around .
Lemma 27. When and , . Lemma 28. When and , . Lemma 29. When and , . indicates that when the revolution axis coincides with the X axis, the Rodriguez formula describes a revolution around the X axis. Similarly, and show that when the revolution axis coincides with the Y and Z axes, respectively, the Rodriguez formula describes revolutions around .
7.4. Non-Uniqueness of the Revolution Axis and Angle
Using
, we can obtain the corresponding revolution matrix,
, given revolution angle
and revolution axis
. Conversely, for the given
, we can obtain
and
u (i.e., the direction vector of
). This is shown in Formula (20), where
denotes the element at position (1,0) in
:
From Formula (20), the solutions of and are non-unique for the given . We formally verify the non-uniqueness of the solution in and :
Lemma 30. When ξ is any non-zero vector and , Lemma 31. When ξ is any non-zero vector and , shows that when the rigid body revolution by angle around , the revolution is equivalent to a revolution by angle around . This equivalence relation is obvious in a geometric proof. proves this equivalence through the formal method. Similarly, shows that when the revolution angle increases by , the revolution matrix is equivalent.
7.5. Generalized Rodriguez Formula
The formal verification of the Rodriguez formula assumed that
B and
G coincide initially. That is, in the initial state,
r has an equivalence in
G and
B. More generally,
B and
G need not coincide initially, as shown in Formula 22, where
is the revolution matrix.
When the initial state coordinate systems do not coincide, to obtain the Rodriguez formula, we assume a new global coordinate system, , which coincides with B initially. Therefore, transformation of r is decomposed into and .
To obtain the revolution matrix of
, we apply the Rodriguez formula. The revolution axis should be represented in
, as shown in Formula (22), where
is the revolution axis in
G,
is the revolution matrix of
, and
is the revolution angle.
Therefore, the revolution matrix of
in the final state is given by Formula (23), where
can be obtained from
and
. Similarly,
can be obtained from
and
.
We use the formal methods to infer and verify Formula (23). First, we formally define revolution axis
u, revolution angle
, and revolution matrix
of
(in the initial state) and set the length of
u to one.
Second, according to
, we define revolution matrix
of
in the initial state.
Again, according to Formula (22), we redefine revolution axis
in
:
Finally, we formally define revolution matrix
for
:
Based on this definition, a formal proof of the equivalence relation in Formula (23) is provided in :
Lemma 32. Formal verification of Formula (23). 8. Case Analysis and Verification
In this section, we analyze and prove several cases related to robot rotations to show the applicability of our formal verification of designed robots.
8.1. Revolution around the Global Coordinate System
Case 1: In the initial state,
G coincides with
B. Let rigid body
D, represented in
B, rotate continuously around the
X axis of
G at an angular velocity of
along with point
in rigid body
D. We illustrate the calculation of position
of point
, represented in
G, at
s.
For this case, we obtain solution via the informal method. For the formal method, we apply the formal verification shown above, where is the time variable, is the revolution angle variable, and is the revolution axis variable. From , we observe that the solution to this case is , as expected.
8.2. Rotation around the Local Coordinate System
Case 2: In the initial state, G coincides with B. Let rigid body D, represented in G, first rotate by around the z axis and then rotate by around the x axis to finally rotate by around the y axis in B along with point in rigid body D. We illustrate the calculation of position of point , represented in B, after rotation.
Similar to case 1, we obtain solution [
,
,
]
using the informal method. For the formal method, we show the formal verification below, where
is a list corresponding to the rotation order. From
, the solution to this case is
, as expected.
8.3. Euler Angle Cases
Case 3: Given precession angle , nutation angle , and rotation angle , we determine the corresponding Euler angle rotation matrix.
To obtain the rotation matrix from the given Euler angles, we can use
to complete the formal verification with the following script:
Our analysis of the Euler angles for a given rotation matrix is shown below.
Case 4: Given the rotation matrix in Formula (24), we determine the corresponding Euler angles:
For this type of case, we can use
–
for verification, as follows:
8.4. Rodriguez Revolutions
Case 5: Let local coordinate system
B rotate by three Euler angles (
) with respect to global coordinate system
G. We determine revolution axis
u and revolution angle
equivalent to that revolution.
Case 6: Let a rigid body rotate by around the X axis, and suppose the rigid body continues to rotate by around . We determine the corresponding revolution matrix, .
For this type of case, we can use
for verification, as follows:
9. Conclusions
As one of the most basic theories in motion control systems, rotary kinesthetics is widely used in different research topics. In this paper, the formal technology was applied to verify the correctness of robot rotary motion theory. We divided rotary motion into two types (i.e., revolution and rotation) and defined them formally. Specifically, we established a 3D coordinate system model in the Coq Proof Assistant and formally defined the matrix trace, Frobenius norm, and inner product in the model. We formalized the definition of Euler angle and verified its transformation relationship with the rotation matrix. Moreover, we completed the machine proof of the Rodriguez formula. In this paper, all proofs and verifications were implemented using the Coq Proof Assistant. All source files are accessible at
https://github.com/GuojunXie123/RFV.git (accessed on 7 January 2023).
Overall, the proofs of the formal verification consist of about 3200 lines of code. The code has been tested and should compile under Coq 8.13.2.
Table 1 provides a detailed account of the formalization in terms of script files. To help navigate through them, we indicate the related sections in the paper. The count in terms of lines of code distinguishes between specifications and proofs.
In the future, we will complete the verification of more robot control technologies based on the formal verification framework of this paper. With more complex kinematic logic, we will improve the formal verification framework of more types of robot kinematics. Our goal is to complete the formal verification of a robot control system. We also plan to develop some automatic tactics that can be used to increase the automation of formal proofs. This will be a meaningful exploration and a worthwhile attempt in the field of automated control system verification. Additionally, we will also try to combine the technologies of code generation and formal verification. We plan to design a robot control algorithm and automatically generate the C code using Coq Proof Assistant. This is expected to vastly improve the safety assurance of robot control systems.