formal kinematics analysis of two link planar...
TRANSCRIPT
FORMAL KINEMATICS ANALYSIS OF TWO
LINK PLANAR ROBOT
By
Binyameen
2010-NUST-MS-CS&E-23
A thesis submitted in partial fulfillment of the requirements for the degree of Masters of
Science in Computational Science and Engineering
Research Centre for Modeling and Simulation,
National University of Sciences and Technology (NUST),
Islamabad, Pakistan.
(August 2014)
i
c©Copyright
by
Binyameen
2014
ii
To My Family
and
My Teachers
iii
Acknowledgements
In the name of ALLAH, the Most Gracious and the Most Merciful, all praises to ALLAH
for His countless blessings on me in order to complete this thesis.
I am enormously pleased to precise my intense gratefulness and deepest gratitude to my
advisor Dr. Osman Hasan for his excellent guidance, strong support, expert advice and
providing me the life time chance for doing research under his supervision even though I
had no research experience. I would also like to thanks him for supporting me by providing
Research Assistantship. I attribute the level of my Masters degree to his encouragement
and effort and without him this thesis, too, would not have been completed or written. His
punctuality, regularity, timely response of emails, his tolerance regarding my blunders was
all excellent. I could not have wished for a better thesis supervisor.
I offer my thank to Dr. Sohail Iqbal for sparing time out of his so much busy routiune to
assist me as my external examiner and taking extra interest specially by helding meetings
after regular intervals. I would like to thank Dr. Meraj Mustafa Hashmi for his helpful
suggestions, comments and for serving on my thesis committe. I sincerely thank to Engr.
Sikander Hayat Mirza for his unconditional help and encourgment for doing my thesis in
SAVE Lab. I am also thankful to Dr. Khalid Pervez who directed me on the different
phases of my research thesis.
I offer my special thank to Umair Siddique, my friend and a former member of SAVE Lab
for his motivation and support. Without his help, I would not be where I am today. Many
thanks to my colleagues at RCMS and all members of SMART Lab for their support and
nice company. I would also like to thank Muhammad Sheraz Khaliq, Muhammad Salman
Manzoor, Muhammad Usman Sanwal, Muhammad Ahmad, Waqar Ahmed, Faiq Lodhi,
Hafiz Afzal, Muhammad Ali Mehar, Asif Mehmood, all hostel fellows and RCMS staff for
their support and encouragement.
Lastly but not least, I will always be grateful to my mother for her prayers, love and
iv
support. I would also like to thank all my family members, specially my elder brother
Abdulrehman for his support and motivation for higher studies.
v
Abstract
Kinematic analysis is used for trajectory planning of robotic manipulators and is an integral
step of their design. The main idea behind kinematic analysis is to study the motion of the
robot based on the geometrical relationship of the robotic links and their joints. Given the
continuous nature of kinematic analysis, traditional computer-based verification methods,
such as simulation, numerical methods or model checking, fail to provide reliable results.
This fact makes robotic designs erroneous, which may lead to catastrophic consequences
given the safety-perilous sort of robotic applications. Leveraging upon the high expres-
siveness of higher-order logic, we used higher-order-logic theorem proving for conducting
formal kinematic analysis. As a first step towards this direction, we utilize the geometry
theory of HOL-Light to develop formal reasoning support for the kinematic analysis of
a two-link planar manipulator, which forms the basis for many mechanical structures in
robotics. To prove the usefulness of our foundational formalization, we put forward the
formal kinematic analysis of a biped walking robot.
vi
Table of Contents
Page
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv
Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi
Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Chapter
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.1 Kinematic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Techniques used for Kinematic Analysis . . . . . . . . . . . . . . . . . . . . 2
1.2.1 Numerical Methods or Simulation . . . . . . . . . . . . . . . . . . . 2
1.2.2 Computer based Softwares for Kinematic Analysis . . . . . . . . . . 3
1.2.3 Problem Description . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.2.4 Proposed Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.3 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.4 Organization of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2 Preliminaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.1 Theorem Proving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2 HOL Light Theorem Prover . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.3 Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.4 Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.5 Inference Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.6 Theorems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.7 Theories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.8 Proofs in HOL Light . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
vii
2.9 HOL Light Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.10 Harrison’s Formalization of Multivariate Calculus Theories in HOL-Light . 14
2.10.1 Formalization of Vectors Theory . . . . . . . . . . . . . . . . . . . 15
2.10.2 Formalization of Geometry Theory . . . . . . . . . . . . . . . . . . 17
3 Kinematic Analysis of Two-Link Planar Manipulator . . . . . . . . . . . . . . . 19
3.1 Forward Kinematics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
3.2 Inverse Kinematics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4 Formalization of Kinematic Analysis in HOL Light . . . . . . . . . . . . . . . . 25
4.1 Forward Kinematics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
4.2 Inverse Kinematics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
5 Application: Biped Robot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
6 Conclusions and Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
viii
List of Figures
3.1 Kinematic Diagram a Two-Link Planar Manipulator . . . . . . . . . . . . . 20
3.2 Two solutions for Inverse Kinematics . . . . . . . . . . . . . . . . . . . . . 23
5.1 Biped Robot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
ix
List of Tables
2.1 HOL Symbols and Functions . . . . . . . . . . . . . . . . . . . . . . . . . . 14
x
Chapter 1
Introduction
1.1 Kinematic Analysis
Kinematic analysis [19] is the study of motion of a machine or mechanism with respect to a
fixed reference coordinate system without considering the forces or moments that cause the
motion. The objective of any analysis of kinematics is to make refined intellectual models
that serve to explain the motion of real-world objects. It mainly allows us to determine
parameters like the position, displacement, rotation, speed, velocity and acceleration of
a given mechanical structure and is thus used to design the geometrical dimensions and
operational range of a mechanical structure according to the given specifications. Kine-
matics describes the analytical relationship between the joint positions and the end-effector
position and orientation while differential kinematics describes the analytical relationship
between the joint motion and the end-effector motion in terms of velocities. The main
idea behind kinematic analysis is to first identify the links (rigid bodies) and joints (allow
rotation or sliding) of the given mechanical structure and then construct a corresponding
kinematic (skeleton) diagram, which is a geometrical structure depicting the connectivity
of links and joints. Finally, the kinematic diagrams are analyzed, using the principles of
geometry, to determine the motion of any point of interest in the kinematic diagram [8].
Robot kinematics deals with aspects of redundancy, collision avoidance and singularity
avoidance.We have been created with bones, muscles and senses. Muscles are helpful in
controlling ourselves and senses are used for measurements: touch, vision, etc. Similarly
robots are made up of links and joints in numerous arrangements. Unintelligent robots can
merely control and compute the joints directly, such as rotate any joint for 200 pulses. These
1
joints are called coordinates. In order to achieve a task in an application, we have to handle
the position and orientation in different coordinate systems such as work piece to tool. The
embryonic robot is unfamiliar with the connections between joint coordinates and other
coordinate systems. It is very problematic to be used in applications. That distinguishes
a toy robot from an industrial robot. For a robot to move to specific position at certain
orientation conveniently, the relationships between the joint coordinate system and some
other systems, such as base or tool systems, must be known. Kinematic analysis allows
us to extract useful information about the workspace, dexterity and precision of a given
robotic design [32]. Thus, kinematic analysis is always performed during the conception
phase of a robot to ascertain that the designed robot is appropriate to serve the given
purpose [28]. For example, kinematic analysis has been used to judge the slope climbing
capability of a biped robot [25] and the repairing the human aortic aneurysm capability of
a minimal invasive surgical robot [9].
1.2 Techniques used for Kinematic Analysis
1.2.1 Numerical Methods or Simulation
Given the safety-critical nature of many robotic applications, traditional techniques, like
numerical methods or simulations, are not encouraged to be used for kinematic analysis
[30]. Numerical methods can only provide estimated solutions to problems over a definite
interval such as distance or time. The inaccuracy involved in the solution depends on the
problem solving technique. Numerical methods are used with larger systems containing
many connections. Numerical methods are employed when assessing empirical information
such as experimental data. Such information will contain some amount of error irrespective
of exactness and regulations conducted while doing the experiment. In such a situation it
is just wastage of time to use exact analytical methods because the solution can never be
more accurate than the input data. One of the main disadvantage of numerical method is
2
its pathological behavior. i.e. using this method we have to face difficulties with precision,
singularities and stability. Moreover simulation generates a way of evaluating solutions but
does not generate solutions themselves. Simulation is not precise. It does not yields an
answer but merely provides a set of the system’s response to different operating conditions.
In many cases, this lack of precision is difficult to measure. Simulation cannot naturally
be used to find an optimal solution. There are methods which long to optimize the result,
but simulation is not inherently an optimization tool.
1.2.2 Computer based Softwares for Kinematic Analysis
Computer algebra systems, like Maple and Mathematica, offer complete packages (e.g. [31])
for kinematic analysis of mechanical systems. Despite being very efficient for computing
mathematical solutions symbolically, these methods cannot be considered 100% reliable
due to the involvement of unverified huge symbolic manipulation algorithms in their core.
While formally correct, symbolic integrals may not be suitable for numerically computing
the area under the curve[8]. Also, for expressions that do not consist of elementary functions
(e.g., Bessel functions) computer algebra systems may have less success[6]. It is generally
perceived that failures in computer algebra systems are commonly due to memory excess:
for numerous problems in computer algebra, some of the best available algorithms agonize
with intermediary expression surge where the consequence is of tolerable size, but the
intermediary calculation meets serious memory limitations. As an alternative, interval
analysis has been used to find the safe kinematics for a minimum invasive surgical robot
[15]. However sometimes, due to computational pessimism, the resulting interval becomes
too large to provide any useful information. Moreover, interval analysis is not suitable
to exhaustively check the initial hypothesis of the model properly and thus cannot be
completely relied upon as well. Inaccuracies in kinematic analysis could lead to disastrous
consequences, including a robot’s breakdown [17], and thus investigating more reliable and
sound kinematic analysis techniques is a dire need.
3
1.2.3 Problem Description
In the past couple of decades, formal methods have emerged as a successful verification
technique for both software and hardware systems. The laborious exercise of creating a
mathematical model for the specified system and evaluating this model using mathematical
logics usually enhances the probabilities for catching artful but precarious design errors
that are mostly disregarded by conventional techniques like paper-and-pencil based proofs
or numerical methods[13]. However, due to the continuous nature of the analysis and
the immersion of analytical geometry, automatic state-based formal methods, e.g. model
checking, cannot be used to ascertain absolute correctness. On the other hand, leveraging
upon the high expressiveness of higher-order logic, theorem proving can provide the ability
to formally reason about the correctness of kinematic analysis. But to the best of our
knowledge, the underlying principles of kinematic analysis have not been formalized in
higher-order-logic so far and thus formal reasoning about the correctness of kinematic
analysis is not a straightforward task.
1.2.4 Proposed Solution
As a first step towards using a higher-order-logic theorem prover for formally verifying the
correctness of kinematic analysis, we present the formal reasoning support for a two-link
planar manipulator [28], i.e., a simple yet the most commonly used mechanical structure
in robotics. In particular, we present the formalization of forward and inverse kinematic
analysis equations of a two-link planar manipulator by extending the recently developed
analytical geometry theories available in HOL-Light [11]. The main advantage of these
outcomes is that they significantly reduce the user intercession for formal reasoning about
kinematic analysis of several robots, mainly because any robot with multiple links and
joints can be expressed in terms of a two-link planar manipulator. In order to demonstrate
the practical effectiveness and utilization of the reported formalization, we utilize it to
conduct the formal kinematic analysis of a biped robot [16, 14], i.e., a two-legged mobile
4
robot, in this thesis.
1.3 Related Work
The usage of formal methods in ascertaining the correctness of continuous and physical
systems is increasingly being advocated these days [2]. In this context, formal verification
of mechanical systems, particularly the ones used in automotive and robotic applications,
have gained particular interest due to their safety-critical applications [10]. For example,
formal verification of the movements of a Samsung Home-service Robot (SHR) is presented
by analyzing its discrete control software using the Esterel model checker [7]. Similarly, an
abstracted integer-valued behavior of the mobile outdoor robot RAVON is formally modeled
in the synchronous language Quartz and is formally verified using the Averest model checker
[23]. Moreover, in order to alleviate the problems associated with unintended acceleration
due to faulty accelerator pedals, the electrical and mechanical components of Toyota’s
electronic throttle controller (ETC) have been formally modeled and verified based on the
principles of timed automata and real-time logic [24]. Likewise, an abstraction approach for
generating a discretized state-space of mechanical systems is reported in [27]. In all these
model checking based verification efforts, the continuous dynamics of mechanical systems
had to be discretized in order to be able to construct a corresponding automata-based
model [26]. Such abstractions clearly compromise the accuracy of the analysis. These
limitations can be overcome by using higher-order-logic theorem proving in the context of
verifying mechanical systems. For example, the Isabelle theorem prover has been used to
formally verify a collision-avoidance algorithm for service robots [29]. Real number and
set theories have been utilized to formalize the contour of the robot as a convex polygon
while obstacles are modeled as connected sets of points. This way, it has been formally
verified that the moving robot is able to stop, upon detecting an obstacle, within the safety
zone. The results have been verified without using any abstractions, which clearly indicates
the usefulness of theorem proving in the context of verifying mechanical systems. With
5
the same motivation, we plan to utilize higher-order-logic theorem proving for kinematic
analysis in this thesis, which, to the best of our knowledge, is a novelty.
The foremost requirement for conducting kinematic analysis in a higher-order-logic the-
orem prover is the ability to formally reason about geometry theory principles in a theorem
prover. This capability is provided by a number of theorem provers. For example, a formal
proof environment for Euclid’s elements is presented in [1]. Some other recent develop-
ments include the axiomatic formalization of Euclidian plane geometry along with some
interactive and automated reasoning support for geometrical properties in the Coq theo-
rem prover[22], the formalization of the Cartesian-plane based geometry theory along with
the proof that it can model the synthetic plane geometries in the Isabelle/HOL theorem
prover [21], and the HOL-Light geometry theory formalized, based on n-dimensional real
vector (realn), in the Euclidean space [11]. In this thesis, we have chosen the HOL-Light
theorem prover for developing the foundations of kinematic analysis. The main reasons
behind this choice include the availability of all the topological and analytic foundations
for vectors, which is expected to play a vital role in extending the reported formalization
for analyzing other continuous aspects of mechanical systems, and our past familiarity with
the HOL-Light.
1.4 Organization of the Thesis
The rest of the thesis is organized as follows: Some related work about formal verification
of mechanical systems and formalization of geometry theory is presented in Chapter 3. In
Chapter 3, we also provide a brief introduction about kinematic analysis of a two-link planar
manipulator. The formalization of these foundations of kinematic analysis is provided in
Chapter 4. We utilize this formalization to conduct the formal kinematic analysis of a
biped robot in Chapter 5. Finally, Chapter 6 concludes the thesis.
6
Chapter 2
Preliminaries
In this chapter, we describe a concise overview of the HOL-light theorem prover and or-
ganize an impression of Harrison’s formalization of geometry, vector and complex analysis.
The purpose is to familiarize the basic theories along with some symbolic representations
that are going to be used in the other part of the thesis.
2.1 Theorem Proving
One of the most advanced research area in automated reasoning is theorem proving or
automatic deduction. It is concerned about the formation of mathematical theorems using
a computer software package. Based upon the descriptive requirement, these mathematical
theorems can be prepared on the basis of different types of logic, e.g. first-order logic or
propositional logic or higher-order logic. For example, the advantage of using higher-order
logic instead of first order logic appears in terms of the accessibility of extra quantifiers and
extremely expressive nature of higher-order logic. Mathematically model the given system
in an appropriate logic is the key idea behind the theorem proving based formal analysis
and then the related properties are proved using computer based formal reasoning. The
analysis becomes much easier if we use higher-order logic theorem proving for modeling
the system behaviors because any system that can be expressed mathematically, can be
formal verified using higher-order logic. The theorem provers usually based upon some
renowned axioms and primitive inference rules. The verification based on theorem proving
guarantees the accuracy because all new theorems are formed from these fundamental
axioms and primitive inference rules.
7
A theorem prover or proof assistant is a tool which enables the formal sketch of a given
system in the form of mathematical expressions. There are two kinds of provers, i.e., inter-
active and automatic. Significant user-computer interaction is required in using interactive
theorem prover, while automatic theorem prover can accomplish different proof tasks by
its own. There are a large number of theorem provers but only few of them have large user
communal and are in constant improvement. Some frequently used automated provers are
Gandalf, LeanTAP, METEOR, SATURATE, SETHEO and Otter and MetiTarski. Some
commonly used interactive higher-order logic based theorem provers include includes HOL,
HOL Light, ACL2, Coq, Isabelle, ProofPower, and MIZAR.
This thesis uses the HOL Light theorem prover to demeanour all the robotics kinemat-
ics analysis. The main motives behind this selection comprise the richness of Harrison’s
geometry analysis related theories, which are central to our work, and the capability to
use Harrison’s vector theory to formalize the angles and thus the end effector position.
Moreover, some earlier work related to formal analysis of complex analysis inspired this
thesis to be done in HOL theorem prover. functions.
2.2 HOL Light Theorem Prover
HOL Light is a computer software package to support users proves thought-provoking
mathematical theorems entirely formally in higher order logic. It establishes a very rig-
orous model of precision, but offers a number of pre-proved mathematical theorems and
automated tools (e.g. about arithmetic, real analysis and basic set theory) to prevent the
user effort. It is also completely programmable, so users can outspread it with new in-
ference rules and theorems without conceding its reliability. HOL is available in different
versions, going back to Mike Gordons work in the early 80s. HOL Light uses much easier
logical fundamentals and has little relic code, producing the system a straightforward and
simple feel as compared to other HOL systems. Notwithstanding its easiness, it deals with
theorem proving power as compared to, and in some areas better than, different versions
8
of HOL, and is widely used for some substantial industrial-scale verification applications.
HOL Light is one of the theorem provers of HOL family. The primarily version of
HOL is HOL88 trailed by following versions i-e, HOL90 and HOL98 and HOL4. It is a
cooperative theorem prover which is based on the LCF methodology which is alike to the
deduction system in which even every infinitesimal point need to be stated in detail. It
supports in writing the given system and its properties in form of mathematical properties
in metalanguage ML [20] to automate the inferences. Based on the Church[5] method ,the
HOL family provides a version of λ-calculus. HOL Light contains ten primitive rules of
inference. For the formal verification of both hardware and software, HOL Light is more
acceptable and commonly used.
HOL Light is a comparatively new edition of the HOL theorem prover. In this version
a re-engineered and simplified version of the axiomatization of the logic is given. HOL
Light is relatively small and clean as compared with other versions of HOL, and creates
acceptable demands on the running machine.
Based on polymorphic simple type theory, theorems are proved in a system of classi-
cal higher order logic in HOL Light. All proof progresses by the application of low-level
inference rules in order to maintain a high level of reliability. Several advantageous math-
ematical theories e.g. vector analysis, already exist.
2.3 Terms
Terms are identical to strings, used purely as symbolic terms. Terms are not only denoted
as collections of characters, but with the help of more affluent tree-structured depiction,
they are similar to an ’abstract syntax tree’. HOL’s logic is constructed on λcalculus in
which terms are assembled beginning from constants and variables by means of abstraction
and application. All mathematical and logical avowals are denoted in this identical way.
Constants and variables are most likely acquainted to the reader from an informal
knowledge of mathematics. Constants and variables are manipulated as the building-blocks
9
of terms. Any name can be assigned to variables, e.g. y, x, delta, angle. Constants, e.g. ⊥
(false),> (true) and [ ] (the empty list) are meant to be acronyms for other terms. Constants
dont include a couple of primitive ones, e.g. equality itself. Before using in the terms, its
definition is required.
Application is an application of a function to an operation used constantly in mathe-
matics, known as an argument. f(t) is the conventional syntax to apply a function f to an
argument t. Since HOL follows λ-calculus principles so it permits the parentheses to be
excluded, except they are desirable as t may be a composite term by itself.
Abstraction is, in a precise sense, a reverse operation to application. Given a variable y
and a term t, which may or may not have y, we can make the so-called lambda-abstraction
λy. t. It is read as ‘the function of y that uses t as its argument’. Abstractions are
not frequently perceived in informal mathematics, but they comprise at minimum two
merits. Firstly, variable dependencies and binding are made explicitly; in opposite to in
informal mathematics it is often written f(y) in conditions where the actual meaning is λy.
f(y). Secondly they permit the user to compose indistinctive function-valued expressions
deprived of specifying them (Usually we see y → t[y] used for this idea), and as we are
using higher order logic, it’s necessary to put functions on an equal basis with first-order
objects in this pattern.
2.4 Types
An important feature of HOL is that every term has a definite type. The type shows what
kind of mathematical object the term denotes (a set, a number, a function, etc) .If HOL is
capable to allocate a type to a term, but it is not determined exclusively, a common type
will be allocated automatically: But type annotations to subterms of compound terms can
be assigned. The importance of types is that they can sort out such ’nonsensical’ terms
from the begining, and monitor certain native constraints without unusual user assistance.
HOL, being based upon λcalculus, follows simple type theory quite closely. Every term
10
has a distinctive type which is either one of the elementary types or the result of applying a
type constructor to other types. The only elementary type in HOL is primarily the type of
booleans bool and the only type operator is the function space constructor. HOL prolongs
Church’s system by letting also ‘type variables’ which give a system of polymorphism.
Constants with polymorphic type are basic, and can have many types subsequent from
fixing the names of the type variables.
For knowledge, types are written in a concrete syntax with some type constructors like
written in x. Just as with constant and variable terms, type variables and type constants are
not separated syntactically: HOL’s parser accepts that everything whose name resembles
to a constant is a constant, and every other identifier is a variable. However, it’s customary
to use names beginning with an uppercase letter for type variables, e.g. X and Value.
2.5 Inference Rules
Inference rules are routes for developing new theorems and they are denoted as ML func-
tions. All other rules are based upon these inference rules and axioms. The rules are REFL
(Reflexivity: equality is reflexive), TRANS (Transitivity: equality is transitive), MK CON
(Make conversion: equal functions applied to equal arguments give equal results), ABS (Ab-
straction: if, without using any special properties of x, two expressions involving x are equal,
then the functions that take x to those values are equal), BETA (Beta-conversion: com-
bination and abstraction are converse operations), ASSUME (Assumption introduction:
from any p we can deduce p), EQ MP (Equality-mapping: connects equality with deduc-
tion), DEDUCT ANTISYM RULE (Deduction-antisymmetric-rule: also connects equality
and deduction), INST (Instantiation: variables are to be interpreted as schematic) and
INST TYPE (Instantiation-type: same, but for substitution of type variables rather than
term variable.
11
2.6 Theorems
In conventional formal logic, with the help of a precise set of syntactic rules to some
primary axioms, a formula is verified. In HOL Light, a similar concept is used in a more
computational arrangement. An exclusive type thm (’theorem’) is utilized for formulas that
have been, actually have been, not merely can be proved. A theorem is a formal statement
of the type of an axiom or it is supported from other formalized theorems by an inference
rule. A theorem is formed with a finite set of boolean terms Ω known as assumptions and
a boolean term S known as the conclusion. Any additonal theorem can be formed only
on the basis of already proved theorems. I this way, it will also satisfy the inference rules
mentioned above.
2.7 Theories
A HOL Light theory contains of a set of types, operators, definitions, constants, theorems
and axioms. It comprises a lot of theorems that have previously been proved from the
definitions and axioms. The HOL Light theories can be loaded to use the existing definitions
and theorems in those theories. The readiness of HOL Light theories permits the user to
use and outspread the present results without replicating the struggles that have already
been put in assembling such theories. HOL Light theories can have other existing theories
as well. For example, one of the Multivariate theory in HOL Light is geom which also
include real theory available in Multivariate also. We utilized the HOL Light theories of
Geometry, Vectors, Complex numbers, Real numbers and transcendental functions in this
thesis. One of the major inspirations of choosing the HOL Light theorem prover for our
work was to get advantage from these integrated mathematical theories.
12
2.8 Proofs in HOL Light
In HOL Light, two types of interactive proof methods are available: backward and forward.
Backward proof method is based on the model of a tactic; which is an ML function that
breakdowns goals into uncomplicated subgoals. In this method, the handler initiates with
the required theorem or the desired goal that is further breakdowns to easy subgoals using
the tactics which is a ML-function that breakdowns a goal into subgoals. A forward proof
method is the reverse of the backward or a goal directed proof method. In a forward proof,
the user initiates from the basis built-in inference rules and attempts to prove the require
goals on top of these inference rules and existing theorems. The forward proof method
is tough approach as compared to backward proof method due to its requirement all the
low level details of the proof. There are also many automatic proof assistants and proof
procedures existing in HOL Light which aids the user in leading the proof to the end.
In interactive theorem verification techniques user interacts with the proof editor of HOL
Light and till the last step of the proof, directs the necessary tactics to the prover. In HOL
Light, only a few proof steps are automatically solved by the prover whereas many others
have need of significant user interaction.
2.9 HOL Light Notations
The Table 2.1 presents the mathematical understanding of some HOL Light symbols and
functions used in this thesis. These symbolizations will be commonly seen in the formal-
ization mentioned in the coming chapters. The reason to mention these symbols here is to
get the person who reads handsomely equipped with the terms to come in this thesis.
13
Table 2.1: HOL Symbols and Functions
HOL-Light Symbol Standard Symbol Meaning∨ or Logical or∧ and Logical and∼ not Logical negation
<==> = Equality==> −→ Implication!x.t ∀x.t for all x : t?x.t ∃x.t for some x : tnum 0, 1, 2, . . . Positive Integers data typereal All Real numbers Real data typeabs x |x| Absolute functionsuc n (n+ 1) Successor of natural numberln x loge(x) Natural logarithm function
max x y max(x, y) Maximum of x and ymin x y min(x, y) Minimum of x and yinv x 1/x Inverse of xFACT n n! Factorial of nm ∗ ∗ n mn num m raised to num exponent ninv x x−1 Multiplicative inverse of a real xλx.t λx.t Function that maps x to t(x)
lim(λn.f(n)) limn→∞
f(n) Limit of a real sequence f
x|P (x) λx.P (x) Set of all x that satisfy the condition P(a, b) a x b A mathematical pair of two elements
2.10 Harrison’s Formalization of Multivariate Calcu-
lus Theories in HOL-Light
This section contains a concise overview to the already available multivariate vectors and
geometry theories in the HOL Light theorem prover so that the person who reads gets
familiar with some working awareness of the notations and definitions used in this thesis.
Moreover the purpose is to sort this thesis self-reliant and thus enable its interpretation for
a broader audience, containing both formal methods and robotics industrial communities.
14
2.10.1 Formalization of Vectors Theory
In HOL-Light, a vector having n-dimensional is denoted as Rn column matrix of real
numbers. All of the vector manipulations are then treated as matrix operations. Using this
reprsentation, vectors can be denoted by the data-type R2 for a proof in plane geometry,
i.e, a column matrix containing two elements [11]. In the formalization of vectors, the
first real number indicates the first (horizontal) component and the second real number
symbolizes the second (vertical) component of the corresponding point of which the location
is described by the vector. Some of the important definitions related to vectors are given
as follows:
Definition 1: Vectors Addition
` x + y = lambda i. x$i + y$i
Addition and similar pointwise operations are defined according to the above pattern. Note
that we overload the usual arithmetic symbols like +, but that the underlying constant on
the left is actually vector add (:realˆN→ realˆN→ realˆN), whereas the + on the right is
the usual addition of real numbers[11]. The notation x$i represents the $ith$ component
of a vector x.
Definition 2: Vector Scalar Multiplication
` c % x = lambda i. c * x $i
Any scalar number c can be multiplied with vector such that each component of the vec-
tor is separately multiplied by the scalar. Here on the left % operator is used which is used
to multiply a scalar number to with the vector but on the right is the usual multiplication
of two real numbers.
Definition 3: Vector Corresponding to small Natural Numbers
` vec n = lambda i. & n
15
The above mentioned definition in an inoculation from natural numbers, advantageous
to indicate the null vector by vec 0.
Definition 4: Dot Product of Vectors
` (x:real^ N) dot (y:real^ N) =
sum(1..dimindex(UNIV:N→bool)) (λ i. x$i * y$i)
One of the interesting definitions is the scalar (dot) or inner product. We showed here
it with the suitable type explanations. In informal mathematics, a very close definition to
it is written as x · y = Σ i=1n xiyi. The difference between two definitions is that in our
formal definition N is a type, we have to change it to a number by using dimindex to its
universe set.
In the definition mentioned above, norm is utilised representing the normalization of a
vector. The magnitude of vector is usually described using it. In HOL-Light [11], norm
has been formalised as follows:
Definition 5: Vector Norm
` norm x = sqrt (x dot x)
where sqrt in the HOL-Light is used to represent square root function for real numbers.
The corresponding distance function is utilised in our formalization to model robotic
arm. In HOL-Light dist (distance function) is formalized as follows:
Definition 6: Distance Function
` dist (x,y) = norm (x - y)
The function dist accepts two numbers of type real N and give the distance between them
using the norm function defined above.
Definition 7: Orthogonality
` orthogonal x y ⇔ (x dot y = & 0)
16
This definition states that the two vectors will be perpendicular to each other if and
only if their dot product is zero. It is obvious from our basic knowledge that cosθ becomes
zero when the angle θ is 90o. This is very much helpful in order to show the orthogonality
of cartesian coordinate system reference axis.
2.10.2 Formalization of Geometry Theory
Geometry is particularly rich in WLOG principles, perhaps reflecting the fundamental im-
portance in geometry of property-preserving transformations. The modern view of geome-
try has been heavily influenced by Kleins Erlanger Programm, which emphasizes the role
of transformations and invariance under classes of transformations, while modern physical
theories usually regard conservation laws as manifestations of invariance properties: the
conservation of angular momentum arises from invariance under rotations, while conser-
vation of energy arises from invariance under shifts in time, and so on. One of the most
important ways in which such invariances are used in proofs is to make a convenient choice
of coordinate system. In our formulation of Robotics Kinematics in HOL Light, geometric
concepts are all defined in analytic terms using vectors, which in turn are expressed with
respect to a standard coordinate basis [12]. For example, the angle formed by three points
is defined in terms of the angle between two vectors:
Definition 1: Angle
` angle (a,b,c) = vector angle (a - b) (c - b)
which is defined in terms of norms and dot products using the inverse cosine function acs
(degenerating to π/2 if either vector is zero):
Definition 2: Vector Angle
` vector angle x y =
if x = vec 0 then pi / &2
else acs ((x dot y) / (norm x) * (norm y))
17
where norms are defined in terms of dot products as described above. In some situations
assume that we need the sum of angles of a triangle which we know that from basic geometry,
is π radians (180 degrees):
Theorem 1: Angles of a Triangle
` ∀ A B C. ∼ (A = B ∧ B = C ∧ C = A)
⇒ angle (B,A,C) + angle (A,B,C) + angle (B,C,A) = π
The entry corresponding to angle based on the translation is very useful also described
as:
Theorem 2: Angle Translation
` ∀ a b c d. angle (a + b,a + c,a + d) = angle (b,c,d)
18
Chapter 3
Kinematic Analysis of Two-Link
Planar Manipulator
A robot manipulator is composed of a set of links connected together by various joints.
The joints can either be very simple, such as a revolute joint or a prismatic joint, or else
they can be more complex, such as a ball and socket joint. The difference between the
two situations is that, in the first instance, the joint has only a single degree-of-freedom
of motion: the angle of rotation in the case of a revolute joint, and the amount of linear
displacement in the case of a prismatic joint. In contrast, a ball and socket joint has two
degrees-of-freedom[28] [18].
The kinematics is the study of the robot’s movements verse a reference system. It is
an analytic description of the spatial movement of the robot. The kinematics of a robot
manipulator describes the relationship between the motion of the joints of the manipulator
and the resulting motion of the rigid bodies which form the robot. It is a function of time
and a relationship, between the position and the orientation (localization) of the robot’s
final link and the values of their joint coordinates. A two-link manipulator [28], depicted in
Figure 1, has two rotary degrees of freedom (DOF) in the same plane. In kinematic analysis
of this system, we are mainly interested in the trajectory planning of the end-effector (tip)
of the manipulator. In order to bring the end-effector from its initial Cartesian position to
an arbitrary point in the Cartesian space, we need to find its relationships with the joint
angles, i.e., θ1 and θ2. This can be done in two ways, i.e. forward or inverse kinematics.
This chapter gives a description of the kinematics for a general two degree of freedom,
two-link planar robot manipulator using the tool presented in Chapter 2.
19
01
02
1
2
c
y
x0x
0
y
1x
1y
2x
2y
Figure 3.1: Kinematic Diagram a Two-Link Planar Manipulator
3.1 Forward Kinematics
The forward kinematics of a robot determines the configuration of the end-effector (the
gripper or tool mounted on the end of the robot) given the relative configurations of each
pair of adjacent links of the robot[18].
In this section we develop the forward or configuration kinematic equations for rigid
robots. The forward kinematics problem is concerned with the relationship between the
individual joints of the robot manipulator and the position and orientation of the tool or
end-effector[28]. Stated more formally, the forward kinematics problem is to determine
the position and orientation of the end-effector, given the values for the joint variables of
the robot. The joint variables are the angles between the links in the case of revolute or
rotational joints, and the link extension in the case of prismatic or sliding joints [28]. The
forward kinematics problem is to be contrasted with the inverse kinematics problem, which
will be studied in the next section[18].
A robot manipulator with n joints will have n + 1 links, since each joint connects two
links. We number the joints from 1 to n, and we number the links from 0 to n, starting
from the base. By this convention, joint i connects link i 1 to link i. We will consider
the location of joint i to be fixed with respect to link i 1. When joint i is actuated, link
20
i moves. Therefore, link 0 (the first link) is fixed, and does not move when the joints are
actuated. Of course the robot manipulator could itself be mobile (e.g., it could be mounted
on a mobile platform or on an autonomous vehicle)[28]. To perform the kinematic analysis,
we rigidly attach a coordinate frame to each link. In particular, we attach oixiyizi to link
i. This means that, whatever motion the robot executes, the coordinates of each point on
link i are constant when expressed in the ith coordinate frame. Furthermore, when joint
i is actuated, link i and its attached frame, oixiyizi, experience a resulting motion. The
frame ooxoyozo, which is attached to the robot base, is referred to as the inertial frame[18].
There are two types of coordinates that are useful for describing the configuration of
the system. If we focus our attention on the task and the end effector, we would prefer
to use Cartesian coordinates or end effector coordinates. The set of all such coordinates
is generally referred to as the Cartesian space or end effector space11. The other set of
coordinates is the so called joint coordinates that is useful for describing the configuration
of the mechanical lnkage. The set of all such coordinates is generally called the joint
space. In robotics, it is often necessary to be able to map joint coordinates to end effector
coordinates. This map or the procedure used to obtain end effector coordinates from joint
coordinates is called direct kinematics[28].
The forward kinematics is the problem of determining the Cartesian position of the
end-effector of the manipulator in terms of the joint angles. This is not a straightforward
task due to the presence of multiple coordinate frames, i.e., (x0, y0), (x1, y1) and (x2, y2).
It is customary to resolve this issue by establishing a fixed coordinate system, usually
referred to as the world or base frame, to which all objects, including the manipulator, can
be referenced from. Mostly, this base coordinate frame is established at the origin of the
manipulator. The Cartesian coordinates (x, y) of the end effector can now be expressed in
this coordinate frame as [28]
x = α1 cos θ1 + α2 cos(θ1 + θ2) (3.1)
21
y = α1 sin θ1 + α2 sin(θ1 + θ2) (3.2)
where α1 and α2 are the lengths of the two links, respectively.
3.2 Inverse Kinematics
The analysis or procedure that is used to compute the joint coordinates for a given set of end
effector coordinates is called inverse kinematics. Basically, this procedure involves solving
a set of equations. However the equations are, in general, nonlinear and complex, and
therefore, the inverse kinematics analysis can become quite involved. Also, as mentioned
earlier, even if it is possible to solve the nonlinear equations, uniqueness is not guaranteed.
There may not (and in general, will not) be a unique12 set of joint coordinates for the given
end effector coordinates[28].
We now consider the inverse kinematics problem: given a desired configuration for the
tool frame, find joint angles which achieve that configuration.
Inverse kinematics allows us to find the joint angles, θ1 and θ2, in terms of the position
of the end-effector of the manipulator. The law of Cosines provides us with the following
relationship for the angle θ2
cos θ2 =(x2 + y2 − α2
1 − α22)
2α1α2
:= D (3.3)
If the desired Cartesian position coordinates (x, y) lie within the range of the manipu-
lator’s end-effector and the two links do not have to be fully extended to reach this point,
then there are two different ways, i.e., elbow-up and elbow-down, in which the end-effector
can reach the desired position, as shown in Figure 2. So, instead of obtaining θ2 from the
above equation, which does not distinguish between these two cases, we use the following
relationships:
sin θ2 = ±√
1−D2 (3.4)
22
Elbow Up
Elbow Down
Figure 3.2: Two solutions for Inverse Kinematics
θ2 = tan−1(±√
1−D2
D) (3.5)
This way, both the elbow-up and elbow-down solutions can be obtained by choosing either
the positive or the negative sign in Equation (5). Now θ1 can be found in terms of θ2 as
follows:
θ1 = tan−1(y
x)− tan−1(
α2 sin θ2α1 + α2 cos θ2
) (3.6)
The main contribution of this thesis is the formalization of the two-link planar manipu-
lator in higher-order logic and the formal verification of the above mentioned equations in
HOL-Light. The availability of this formalization will greatly minimize the human interac-
tion required in formal reasoning about kinematic analysis of real-world robotic applications
in HOL-Light.
In solving an inverse kinematics problem, one first divides the problem into specific
subproblems, such as solving for 2 given r and then using 1 to rotate the end-effector to
the proper position. Each subproblem may have zero, one, or many solutions depending
on the desired end-effector location. If the configuration is outside of the workspace of the
manipulator, then no solution can exist and one of the subproblems must fail to have a
solution (consider what happens if r ¿ l1 + l2 in the example above). Multiple solutions
occur when the desired configuration is within the workspace but there are multiple joint
23
configurations which all map to the same end-effector location. If a subproblem gener-
ates multiple solutions, then we must complete the solution procedure for all joint angles
generated by the subproblem[18].
Traditionally, inverse kinematics solutions are separated into classes: closed-form solu-
tions and numerical solutions. Closed-form solutions, such as the one given above, allow
for fast and efficient calculation of the joint angles which give a desired end-effector con-
figuration. Numerical solutions rely on an interactive procedure to solve equation (3.15).
Most industrial manipulators have closed-form solutions. These solutions are obtained in a
manner similar to that described above: using geometric and algebraic identities, solve the
set of nonlinear, coupled, algebraic equations which define the inverse kinematics problem
[18].
24
Chapter 4
Formalization of Kinematic Analysis
in HOL Light
We formalized the two-link manipulator, depicted in Figure 1, in the Cartesian plane as
the following higher-order-logic function in HOL-Light
Definition 1: Two Link Manipulator
` ∀ A B. tl manipulator A B = A + B
The function tl manipulator accepts two vectors A and B of data type (real2), which
represent the two links of the two-link manipulator, and returns their vectored sum, which
is indeed the Cartesian position of the corresponding end-effector. By default, the common
base frame of the two vectors is oriented at the origin. It is important to note that 2-
dimensional vectors are used for the two links because of the planar nature of the mechanical
system under consideration.
The two links of a general planar manipular with revolute joints can have both anti-
clockwise and clockwise rotations. In the context of the formal verification of the equations,
presented in the previous section, it is very important to have a formal mechanism to dis-
tinguish between these two kinds of rotations. For this purpose, the following HOL-light
predicate with data-type (real2 → real2 → real2 → bool) is used:
Definition 2: Anticlockwise
` ∀ B A D. anticlockwise D (A,B) <=> 0 ≤ Im (B−DA−D)
where Im represents the HOL-Light function that returns the imaginary part of a complex
number or the y-component of a two-dimensional vector in the Cartesian plane. The
25
predicate anticlockwise accepts three arbitrary points, A , B and D, in the Cartesian
plane and returns True if the angle from DB to DA is considered in the anticlockwise
direction.
A very interesting property, in the context of our verification, is the following addition
relationship between three anticlockwise angles:
Theorem 1: Anticlockwise Angle Addition
` ∀ A B C D. ∼(collinear D, A, B) ∧ ∼(C = D) ∧
anticlockwise D (A,C) ∧
anticlockwise D (C,B) ∧
anticlockwise D (A,B) ⇒
angle (A,D,B) = angle (A,D,C) + angle (C,D,B)
where A, B, C and D represent four points in the Cartesian plane. The predicate collinear
accepts three points and returns True if all these three are collinear, i.e., they lie on a
single straight line. Whereas, the function angle accepts three points (X,Y,Z) and returns
the angle between the vectors XY and ZY.
Based on the fact that the main scope of the presented work is to build formal reasoning
support for kinematic analysis in the plane geometry, we can work with a formal definition
of a two dimensional angle. This choice simplifies our proofs considerably compared to
the case if we had used the generic definition of an angle between n-dimensional vectors.
The angle between two 2-dimensional vectors can be formally defined in terms of the angle
between two n-dimensional vectors (angle) as follows:
Definition 3: Two Dimensional Angle
` ∀ A B C. TDangle (A,B,C) =
plus minus (anticlockwise B (A,C)) * angle (A,B,C)
where the function plus minus accepts a condition C and returns 1 if C is true and -1
otherwise.
26
Definition 4: Plus-Minus
` ∀ plus minus C = (if C then 1 else -1)
The the sign of the angle between two 2-dimensional vectors can be determined based on
the angle of rotation between them.
4.1 Forward Kinematics
Now, we utilize the above mentioned definitions and theorem to formally verify the forward
kinematic relationships, given in Equations (1) and (2). The verification of these equations
is not very straightforward since all the possible scenarios for the link positions have to be
considered for establishing a formal proof of the forward kinematic analysis. For example,
both the links can be in the first quadrant of the Cartesian plane, as depicted in Figure 1,
or one of them may lie in the first quadrant while the other one is in the third quadrant of
the Cartesian plane. Our main motivation here is to verify generic theorems for kinematic
analysis so that they can be used to reason about all possible scenarios.
We proceed in this direction by verifying two sub-theorems for the relationship, given
in Equation (1). The first part deals with the situation when the first link lies in the upper
half of the Cartesian plane while the second link and the end effector may lie any where in
the Cartesian plane.
Theorem 2: X-Component with the First Link in the Upper Half Plane
` ∀ A B. ∼(A = vec 0) ∧ ∼(B = vec 0) ∧
anticlockwise (vec 0) (A,B) ∧
anticlockwise (vec 0) (basis 1,A) ⇒
(tl manipulator A B)$1 =
norm (A) * cos (vector angle (basis 1) A) +
norm (B) * cos (vector angle A B + vector angle (basis 1) A)
where A and B are the vectors representing the two links of the manipulator under con-
27
sideration. The first two assumptions are used to avoid mathematical singularities. The
third assumption ensures that the angle from the vector OB to OA, where O represents the
origin (0,0) of the base frame, is taken in the anticlockwise direction, as the function vec
converts 0 to its corresponding null vector. The fourth assumption, i.e., anticlockwise
(vec 0) (basis 1,A), ensures that the vector A lies in the upper half of the Cartesian
plane, i.e., in the first or second quadrant, since a point P (x, y) in the Cartesian plane can
be considered equivalent to the point in the complex-plane with x as its real part and y
as its imaginary part. It is important to note that the allowable range of any angle in the
geometry theory of Hol-Light is [0, π]. The conclusion of Theorem 2 represents Equation
(1) in HOL-Light, since X$1 represents the first components of a two-dimensional vector
X, the function norm accepts a vector and returns its corresponding norm or magnitude,
the function vector angle returns the angle between its two argument vectors and the
function basis 1 returns a vector with magnitude 1 in the x direction only and thus the
angle (vector angle (basis 1) A) represents the angle of the vector A with the x-axis.
The proof of Theorem 2 was done by splitting the main goal into eight subgoals, i.e., four
corresponding to the cases where the first link is in the first quadrant and the end-effector
is in one of the four quadrants one by one and the four corresponding to the case where
the first link is in the second quadrant and the end-effector is in one of the four quadrants
one by one. Some of these cases were verified based on contradiction while the rest were
primarily verified based on Theorem 1 along with vector and geometry theoretic reasoning.
Now we consider the second case when the first link lies in the lower half of the Cartesian
plane while the end effector may lie any where in the Cartesian plane. The corresponding
HOL-Light theorem can be expressed as follows:
Theorem 3: X-Component with the First Link in the Lower Half Plane
` ∀ A B. ∼(A = vec 0) ∧ ∼(B = vec 0) ∧
anticlockwise (vec 0) (A,B) ∧
∼(anticlockwise (vec 0) (basis 1,A)) ⇒
(tl manipulator A B)$1 =
28
norm (A) * cos (vector angle (basis 1) A) +
norm (B) * cos (vector angle A B - vector angle (basis 1) A)
The only different assumption in this case is ∼(anticlockwise (vec 0) (basis 1,A)),
which ensures that the vector A lies in the lower half of the Cartesian plane, i.e., in the
third or fourth quadrant. Now, Theorems 2 and 3 along with their counterparts with
the assumption ∼(anticlockwise (vec 0) (A,B)) can be utilized to verify the following
theorem that covers all the possible cases for forward kinematic analysis of the x-component
of the two-link manipulator (Equation 1)
Theorem 4: X-Component of the Two-Link Manipulator
` ∀ A B. ∼(A = vec 0) ∧ ∼(B = vec 0) ⇒
(tl manipulator A B)$1 =
norm (A) * cos (TDangle (basis 1,vec 0,A)) +
norm (B) * cos (TDangle (A,vec 0,B) +
TDangle (basis 1,vec 0,A))
In a similar way, we also formally verified the forward kinematic equation for the y-
component of the two-link manipulator (Equation 2) as follows:
Theorem 5: Y-Component of the Two-Link Manipulator
` ∀ A B. ∼(A = vec 0) ∧ ∼(B = vec 0) ⇒
(tl manipulator A B)$2 =
norm (A) * sin (TDangle (basis 1,vec 0,A)) +
norm (B) * sin (TDangle (A,vec 0,B) +
TDangle (basis 1,vec 0,A))
A distinguishing characteristic of Theorems 4 and 5 is the presence of the function
TDangle, which provides us with the exact information about the sign of the corresponding
angle based on the placement of the two links in the Cartesian plane. This fact plays a very
critical role in obtaining the right set of analysis assumptions, as will be seen in Chapter 5
of this thesis.
29
4.2 Inverse Kinematics
In this subsection, we formally verify the expressions for joint angles in terms of the Carte-
sian position of the end-effector. The expression for the angle θ2, which is the phase angle
of the second link with respect to the reference frame of the first link of the two-link manip-
ulator, as shown of Figure 1, can be verified in three main steps corresponding to Equations
(3), (4) and (5). We verified the expression, given in Equation (3), as the following theorem,
Theorem 6: Cos θ2
` ∀ A B. ∼(A = vec 0) ∧ ∼(B = vec 0) ∧ ∼(A + B = vec 0) ⇒
cos (vector angle A B) =
((((tl manipulator A B)$1) pow 2) +
(((tl manipulator A B)$2) pow 2) - (norm (A) pow 2) -
(norm (B) pow 2)) / (2 * norm (A) * norm (B))
where A and B are the vectors representing the two links of the manipulator under con-
sideration. Besides the vectors A and B being non-null, their sum is also assumed to be
non-null in this theorem. This assumption is used to make sure that we do not have the
case where both the vectors are equal in magnitude but opposite in direction. Based on our
formal definition of the two link manipulator, (tl manilpulator A B)$1 represents the x-
coordinate and (tl manilpulator A B)$2 represents the y-coordinate of the end-effector.
The function pow is used for real power in HOL-Light. The proof of the above theorem
was primarily based on the Law of Cosines, which is available in the geometry theory of
HOL-Light.
Similarly, the expression of Equation (4) can be verified as the following theorem:
Theorem 7: Sin θ2
` ∀ A B. sin (vector angle A B) =
sqrt(1 - cos (vector angle A B) pow 2)
30
where sqrt represents the HOL-Light function for square root. The proof of this theorem
was also primarily based on some geometry theoretic reasoning and the existing theorems
of the HOL-Light geometry theory were very helpful in this regard. Theorems 6 and 7 can
now be used to verify our final results, i.e. Equation (5), as the following theorem.
Theorem 8: θ2
` ∀ A B. ∼(A = vec 0) ∧ ∼(B = vec 0) ∧ ∼(A + B = vec 0) ⇒
vector angle A B =
atn ((sqrt (1 - (cos (vector angle A B) pow 2))) /
cos (vector angle A B))
where atn represent the arc-tangent function in HOL-Light. The proof scripts for the
definitions and theorems, presented in this section, is available at [3] and is composed
of approximately 15,000 lines of code, which took about 700 man-hours of development
time by a new HOL-Light user. The development time includes the time spent to learn
the art of formal reasoning and to understand the definitions and theorems available in
the multivariate and geometry theories of HOL-Light. We found the generic nature of
the geometry theory, formalized in HOL-Light, very useful since most of the commonly
used results can be found there and thus directly used. A significant portion of our proof
script is composed of mapping between Cartesian to Polar coordinate system, which was
required because of the referencing to the base frame for both links of the manipulator.
These mappings had to be interactively done because of the different parameters and thus
conditions involved. Moreover, in all the proofs we had to handle the placement of the links
in each quadrant separately, which also required a considerable amount of human guidance.
The main benefit of the formalization, presented in this section, is that it can be built
upon to model robotic structure and perform the kinematic analysis or formalize other
kinematic analysis related foundations, which will in turn enhance the capabilities of the
proposed formal kinematic analysis approach. To demonstrate the utilization and practical
effectiveness of our results, we utilize them next to conduct the formal kinematic analysis
31
of a biped robot.
32
Chapter 5
Application: Biped Robot
A biped robot [16] can be simply defined as a two-legged walking robot. The biped robots
usually exhibit human-like mobility and have found to be more efficient than the conven-
tional wheeled robots for maneuvering fields with ladders, stairs, and uneven surfaces. The
design and analysis of efficient biped robotic systems has attracted the attention of many
researchers and it has been used as a classical case study for many domains in robotics,
which is the main reason why we have also chosen to use it as an application to demonstrate
the effectiveness of the proposed formal kinematic analysis approach.
The biped robot, depicted in Figure 3, consists of five links, namely the torso (l3),
and the upper legs (thighs), i.e, l2 and l4, and the lower legs, i.e., l1 and l5. These links
are connected via four rotating joints (two hip and two knee), which are considered to be
friction free and each one is driven by an independent DC motor. The two hip joints can
be considered as one joint as the effect of forces is ignored while conducting the kinematic
analysis.
The first step in the proposed formal kinematic analysis approach is to construct a
formal model of the given system in higher-order logic. The definition of the two-link
manipulator plays a vital role in this regard as it can be used to model most of the robot
manipulators. The given biped robot can be formalized as a two-link planar manipulator
where each link is itself a two-link planar manipulator, since both of the legs always move
in the same plane:
Definition 5: Biped Robot
` ∀ A B C D. biped A B C D =
tl manipulator (tl manipulator A B) (tl manipulator C D)
33
I1
xo
yo
O
I1C
os
01
I2C
os
0
I2
I3
I4
I5
I4C
os
04
I5C
os
05
2
I1Sin01 I2Sin02 I4Sin04 I5Sin05
01
02
03
04
05
(xe, ye)
(xb, yb)
Figure 5.1: Biped Robot
It is important to note that only four out of the five links are considered in the above
definition. The reason being that these four links are the ones that can alter the dexterity
and precision of the biped robot. Moreover, the point (xb, yb) of Figure 3 has been taken
as the origin (0, 0) in our formalization.
The next step in the proposed kinematic analysis approach is to formalize the properties
of interest as higher-order-logic proof goals. In the case of the biped robot, we are interested
in verifying the forward kinematic equations:
xe = xb + l1 sin θ1 + l2 sin θ2 + l4 sin θ4 + l5 sin θ5 (5.1)
ye = yb + l1 cos θ1 + l2 cos θ2 − l4 cos θ4 − l5 cos θ5 (5.2)
corresponding to the x and y components of leg l5 of the biped robot, which have been
verified using paper-and-pencil proof method in [16]. Besides formalizing these equations,
we also need to mention the required assumptions in the proof goals but it is often the
case that all the assumptions are not known upfront and we only add the obvious ones.
34
However, the subgoals generated during the proof process provide very useful hints for
identifying any missing assumptions, which may be added to the goal after confirmation
from the mechanical designers. This way, we verified Equation (7) as the following theorem.
Theorem 9: x-component of the Biped Robot
` ∀ l1 l2 l4 l5.
∼(l1 = vec 0) ∧ ∼(l2 = vec 0) ∧ ∼(l4 = vec 0) ∧ ∼(l5 = vec 0) ∧
anticlockwise (vec 0) (l1,l2) ∧ anticlockwise (vec 0) (l5,l4) ∧
anticlockwise (vec 0) (basis 1,11) ∧
anticlockwise (vec 0) (l1,basis 2) ∧
anticlockwise (vec 0) (basis 1,l2) ∧
anticlockwise (vec 0) (l2,basis 2) ∧
anticlockwise (vec 0) (basis 1,l5) ∧
anticlockwise (vec 0) (basis 2,l5) ∧
anticlockwise (vec 0) (basis 2,l4) ∧
∼ collinear basis 1, vec 0, l5 ∧
∼ collinear basis 1, vec 0, l2 ∧
∼ collinear basis 2, vec 0, l4 ⇒
(biped l1 l2 l4 l5)$1 =
norm (l1) * sin (vector angle (basis 2) l1) +
norm (l2) * sin (vector angle (basis 2) l2) -
norm (l4) * sin (vector angle (basis 2) l4) -
norm (l5) * sin (vector angle (basis 2) l5)
where basis 2 represents the y-axis of the Cartesian plane. The first four assumptions
assure that all of the links must have non-zero lengths. The next two provide the angle
measuring conventions between the links of each leg while the next eight assumptions
provide the orientations of the angles, given in Figure 3, under which we are interested in
analyzing the biped robot. For example, the assumptions anticlockwise (vec 0) (basis
35
1,11) and anticlockwise (vec 0) (l1,basis 2) ensure that the angle θ1 of leg l1 of
the robot is considered in the clockwise direction from the x-axis of the base frame and in
the anticlockwise direction with the y-axis of the base frame, or in other words that θ1 lies
in the first quadrant. All of the above mentioned assumptions are obvious and were used
while defining the proof goal. While the next three, involving the function collinear are
not so straightforward and thus were not known before the formal verification of the above
theorem. These assumptions assure that the legs l5 and l2 cannot completely align with
the x-axis of the base frame and the leg l4 cannot align with the y-axis of the base frame.
These three assumptions were identified during the formal verification process of Theorem
9 in HOL-Light. These assumptions constitute an essential requirement for Equation (7)
to hold and interestingly were not mentioned in the paper-and-pencil based proof of that
equation given in [16]. The conclusion of Theorem 9 represents the statement of Equation
(7) but instead of having all positive terms added together, as is the case in Equation (7),
has the addition of two positive and two negative terms. Upon noticing this difference,
we double checked our formalization and assumptions but everything was found to be
consistent with the kinematic diagram of the biped robot, given in Figure (3), which was
also the starting point of the paper-and-pencil proof method based kinematic analysis of
the biped robot from where Equation (7) was verified [16]. Upon further investigation, we
found Equation (7) to be erroneous. The problem may be an outcome of a human error
during the paper-and-pencil based analysis or it may have occurred because of an incorrect
swapping of the signs of the terms of Equations (7) and (8) in the original paper [16] as
we also found a discrepancy in Equation (8), which has been correctly verified under the
same assumptions as follows:
Theorem 10: y-component of the Biped Robot
` ∀ l1 l2 l4 l5.
∼(l1 = vec 0) ∧ ∼(l2 = vec 0) ∧ ∼(l4 = vec 0) ∧ ∼(l5 = vec 0) ∧
anticlockwise (vec 0) (l1,l2) ∧ anticlockwise (vec 0) (l5,l4) ∧
anticlockwise (vec 0) (basis 1,11) ∧
36
anticlockwise (vec 0) (l1,basis 2) ∧
anticlockwise (vec 0) (basis 1,l2) ∧
anticlockwise (vec 0) (l2,basis 2) ∧
anticlockwise (vec 0) (basis 1,l5) ∧
anticlockwise (vec 0) (basis 2,l5) ∧
anticlockwise (vec 0) (basis 2,l4) ∧
∼ collinear basis 1, vec 0, l5 ∧
∼ collinear basis 1, vec 0, l2 ∧
∼ collinear basis 2, vec 0, l4 ⇒
(biped l1 l2 l4 l5)$2 =
norm (l1) * cos (vector angle (basis 2) l1) +
norm (l2) * cos (vector angle (basis 2) l2) +
norm (l4) * cos (vector angle (basis 2) l4) +
norm (l5) * cos (vector angle (basis 2) l5)
Nonetheless, the identification of the problem identifies the dire need of a sound analy-
sis technique in the domain of kinematic analysis of robotic applications, which is quite
cumbersome and thus prone to human errors if done using paper-and-pencil proof method
because of the consideration of all the possible scenarios. The proofs of Theorems 9 and 10
were awfully uncomplicated and mainly based on Theorems 5 and 6 and the proof script
comprises of almost 200 lines of code [3], which undoubtedly shows the worth of our work
in the formal kinematic analysis of everyday life applications.
It is important to note that, besides the identification of a bug in the paper-and-pencil
based proof method of kinematic analysis of the biped robot, another distinguishing feature
of the above theorems, when compared with the corresponding equations verified by paper-
and-pencil proof methods [16], is the exhaustive set of assumptions that accompany them.
Paper-and-pencil proof methods, simulation and numerical method based approach cannot
ascertain the explicit availability of all of the required assumptions for the analysis even
though failing to abide by any one of these assumptions may lead to erroneous system
37
designs, which in turn even result in disastrous consequences in the case of safety-critical
systems. On the other hand, given the intrinsic soundness of theorem proving, all the
required assumptions are always guaranteed to be available along with the formally verified
proofs.
38
Chapter 6
Conclusions and Future Work
This thesis advocates the usage of higher-order-logic theorem proving for kinematic analysis,
which is an essential design step for all robotic manipulators. Due to the high expressiveness
of the underlying logic, we can formally model the geometrical relationships between the
mechanical links and joints in their true form, i.e., without compromising on the precision
of the model. Similarly, the inherent soundness of theorem proving guarantees correctness
of analysis and ensures the availability of all pre-conditions of the analysis as assumptions
of the formally verified theorems. To the best of our knowledge, these features have not
been shared by any other existing computer-based kinematic analysis technique and thus
the proposed approach can be very useful for the kinematic analysis of safety-critical robots.
The main challenge in the proposed approach is the enormous amount of user inter-
vention required due to the undecidable nature of the logic. We propose to overcome
this limitation by formalizing kinematic analysis foundations and verifying their associated
properties. As a first step towards this direction, this thesis presents the formalization of
forward and inverse kinematic analysis of a two-link planar manipulator, which can be built
upon to model many practically used robotic manipulators. Based on this work, we are able
to conduct the formal kinematic analysis of a biped robot in a very straightforward way.
The formal analysis highlighted some of the key missing assumptions in the corresponding
paper-and-pencil based analysis of the same problem [16], which clearly indicates the dire
need of using sound methods for kinematic analysis and usefulness of the ideas presented
in this thesis.
This thesis opens the doors towards a novel and promising usage of theorem proving.
The formal kinematic analysis of many other safety-critical robots can be performed. A
39
classical example would be the widely used Selective Compliant Assembly Robot Arm
(SCARA) [4]. Formal reasoning support for other motion related parameters, such as
displacement, rotation, speed, velocity and acceleration, may also be developed by using
our results along with the topological and analytic foundations for vectors available in
Hol-Light. By extending our coordinate frame from 2D to 3D, we are also working on the
formal verification of the Denavit Hartenberg (DH) parameters [6], which are based on the
convention of attaching the coordinate frame to spatial linkages. This verification will pave
the way for conducting the formal kinematic analysis for a much wider range of robotic
applications.
40
References
[1] J. Avigad, E. Dean, and J. Mumma. A Formal System for Euclid’s Elements. Review
of Symbolic Logic, 2(4):700–768, 2009.
[2] B. Becker, L. Cardelli, H. Hermanns, and S. Tahar. Abstracts collection. In Ver-
ification over Discrete-Continuous Boundaries, number 10271 in Dagstuhl Seminar
Proceedings. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany, 2010.
[3] M. Binyameen. Formal Kinematic Analysis of the Two-Link Planar Manipulator using
HOL-Light. http://save.seecs.nust.edu.pk/students/binyameen/tlpm.html, 2013.
[4] N. Chivarov and V. Galabov. Kinematics of Scara Robots. Problems of Engineering
Cybernetics and Robotics, pages 51–59, 2008.
[5] A. Church. A Formulation of the Simple Theory of Types. Journal of Symbolic Logic,
5:56–68, 1940.
[6] J. Denavit and R. S. Hartenberg. A Kinematic Notation for Lower-Pair Mechanisms
based on Matrices. Trans. ASME Journal of Applied Mechanics, 23:215–221, 1955.
[7] J. M. Esposito and K. Moonzoo. Using Formal Modeling with an Automated Analysis
Tool to Design and Parametrically Analyze a Multirobot Coordination Protocol: A
Case Study. Systems, Man and Cybernetics, Part A: Systems and Humans, IEEE
Transactions on, 37(3):285 –297, 2007.
[8] Binyameen Farooq, Osman Hasan, and Sohail Iqbal. Formal kinematic analysis of the
two-link planar manipulator. In ICFEM, pages 347–362, 2013.
[9] L. Fryziel, G. Fried, K. Djouani, S. Iqbal, and Y. Amirat. A Kinematic Analysis for
a Hybrid Continuum Active Catheter. Le Grand Bornand, France, 2008. Proceed-
41
ings oh the 7th France-Japon congress 5th Europe-Asia congress on Mechatronics
(MECHATRONICS 2008).
[10] S. Haddadin, A. Albu-Schaffer, and G. Hirzinger. Requirements for Safe Robots:
Measurements, Analysis and New Insights. International Journal of Robotics Research,
28(11-12):1507–1527, 2009.
[11] J. Harrison. The HOL Light Theory of Euclidean Space. Automated Reasoning,
50(2):173–190, 2013.
[12] John Harrison. Without loss of generality. In TPHOLs, pages 43–59, 2009.
[13] Osman Hasan and Sofiene Tahar. Probabilistic analysis of wireless systems using
theorem proving. Electr. Notes Theor. Comput. Sci., 242(2):43–58, 2009.
[14] Y. Hurmuzlu, F.Ganot, and B. Brogliato. Modeling, Stability and Control of Biped
Robots: general framework. Automatica, 10, 2004.
[15] S. Iqbal, S. Mohammed, and Y. Amirat. A Guaranteed Approach for Kinematic
Analysis of Continuum Robot Based Catheter. In Robotics and Biomimetics, pages
1573–1578, 2009.
[16] H. K. Lum, M. Zirbi, and Y.C. Soh. Planning and Control of a Biped Robot. Inter-
national Journal of Engineering Science, 37:1319–1349, 1999.
[17] J.P. Merlet. A Formal Numerical Approach for Robust In-Workspace Singularity
Detection. IEEE Transactions on Robotics, 23:393–402, 2007.
[18] Richard M. Murray, Zexiang Li, and Shankar Sastry. A mathematical introduction to
robotics manipulation. CRC Press, 1994.
[19] D. Myszka. Machines and Mechanisms: Applied Kinematic Analysis. Prentice Hall,
4/e edition, 2011.
42
[20] L. C. Paulson. ML for the Working Programmer. Cambridge University Press, 1996.
[21] D. Petrovic and F. Maric. Formalizing Analytic Geometries. In Automated Deduction
in Geometry, 2012.
[22] T.M. Pham, Y. Bertot, and J. Narboux. A Coq-based Library for Interactive and
Automated Theorem Proving in Plane Geometry. In Computational Science and
Its Applications, volume 6785 of Lecture Notes in Computer Science, pages 368–383.
Springer-Verlag, 2011.
[23] M. Proetzsch, K. Berns, T. Schuele, and K. Schneider. Formal Verification of Safety
Behaviours of the Outdoor Robot RAVON. In Informatics in Control, Automation
and Robotics, pages 157–164, 2007.
[24] J. Ras and A.M.K.Cheng. On Formal Verification of Toyota’s Electronic Throttle
Controller. In Systems Conference (SysCon), 2011.
[25] B.E. Shores and M.A. Minor. Design, Kinematic Analysis, and Quasi-steady Control
of a Morphic Rolling Disk Biped Climbing Robot. In Robotics and Automation, pages
2721–2726, 2005.
[26] C. Sloth. Formal Verification of Continuous Systems. PhD thesis, Aalborg University,
2013.
[27] C. Sloth and R. Wisniewski. Abstractions for Mechanical Systems. IFAC Workshop
Series, pages 96–101, 2012.
[28] M. W. Spong, S. Hutchinson, and M. Vidyasagar. Robot Modeling and Control. Wiley,
first edition, 2005.
[29] D. Walter, H. Taubig, and C. Luth. Experiences in applying Formal Verification in
Robotics. In Computer safety, reliability, and security, pages 347–360. Springer-Verlag,
2010.
43
[30] Y. Wang and G.S. Chirikjian. Propagation of Errors in Hybrid Manipulators. In
International Conference on Robotics and Automation, pages 1848–1853, 2006.
[31] Wolfram Research, www.wolfram.com. Mathematica Mechanical Systems: Kinematic
and Dynamic Analysis in Mathematica, third edition, 2005.
[32] T. Yoshikawa. Manipulability of Robotic Mechanisms. The International Journal of
Robotics Research, 4(2):3–9, 1985.
44