Contents

1. Abstract
2. Outline
3. Session Schedule
4. Tutorial Material
5. Organizers

Abstract

This tutorial is targeted at ROS roboticists (i.e., developers of robotics software), first and foremost, but also at software engineers (researchers or otherwise) interested in the domain of robotics software. Our main goal is to reinforce the idea that software for robotic systems is becoming progressively more complex, despite the existence of established software ecosystems like ROS.

Ensuring that software works as intended is a crucial (but not trivial) task, but proper quality assurance processes are rarely seen in the open-source robotics community. There are several tools capable of improving ROS software and detecting a variety of issues early in the development process; HAROS is among such tools and offers a variety of analyses integrated in a unified interface. Furthermore, over the past five years, it has been gaining traction among the ROS community, namely in the ROS-Industrial and ROS Quality Assurance groups.

The main value, and outcome, for the participants of this tutorial is to learn how to use automated analysis tools specifically targeting ROS software, how to interpret analysis results and how to integrate such tools and workflows within their own projects. This is particularly relevant if advanced robots are to be marketable, and eventually certified, in safety-critical contexts.

Outline

This tutorial will introduce participants to techniques to improve the overall dependability of their ROS applications, and how the HAROS framework can aid roboticists in this process. We will present HAROS, and some of its core analysis plug-ins, and show how it can be used to support robotic software developers through various stages and techniques of software Quality Assurance. Namely, we will start with static analyses focused on general code quality (quality metrics, coding standards), then move into domain-specific static analyses (reverse engineering and analysing architectural models), and finally delve into behaviour specification and verification (via advanced testing or model checking).

It is assumed that the attendees are comfortable with the basics of ROS programming (how to code, build and run a basic ROS system, what are nodes, topics, messages, etc.). Basic knowledge in software Quality Assurance (coding standards, code quality metrics, modelling, testing, etc.) is not required, but good to have.

Session Schedule

In addition to the pre-recorded videos shared in the Tutorial Material section, a live session will also be held during the conference. This live session will skim through the contents of the pre-recorded videos, and will focus more on the hands-on exercises as well as questions from the participants.

The live session will take place on Monday 27-09-2021, at 14:30 CEST, in Hall 15 of the IROS 2021 platform.

Tutorial Material

This tutorial includes a base ROS project for a fictitious robot to use HAROS on. This ensures that all participants can follow a common learning path, even though the learning outcomes can be applied to any ROS project (and we encourage participants to apply HAROS to their own projects). All the reading and practical material for this tutorial can be found at the HAROS Tutorials repository.

I – Introduction to the HAROS Framework

The first few minutes will be dedicated to getting all participants up to speed with basic Quality Assurance concepts used in software engineering (e.g., metrics, coding standards, testing, verification), the HAROS framework and the outline of the tutorial. We will use this brief period to provide a general overview of the tool (What is it?), its capabilities (What does it do?) and past use cases (How has it been used in practice?).

II – Internal Code Quality

The first session is intended to get the participants acquainted with the command-line and graphical interfaces of the HAROS tool by focusing on the low-hanging fruit of software code quality. More specifically, we will apply HAROS to a sample ROS project, Fictibot, to determine its compliance with certain coding standards and quality metrics thresholds.

These analyses are ROS-agnostic, and fully automatic, requiring very little user input. While the results are not the most exciting, they allow users to navigate through the analysis reports produced by HAROS and learn about basic (yet important) concepts for teamwork in software development, such as how to improve the readability and maintainability of the code. The hands-on exercises will consist of executing the tool, interpreting the first (basic) batch of reported issues, and fixing the code of Fictibot, so that the issues are resolved.

III – Analysis of System Architectures

The second session moves progressively into more advanced (and ROS-specific) static analyses. We will show how participants can extract the runtime architectural model of a ROS system (the computation graph) using HAROS, how to visualize it graphically, and how such complex analyses may be unable to fully determine all values at compile time. We will then show the extraction hint system of HAROS, a form of user input that fixes errors in the automatically extracted models and adds entities that the tool might miss completely.

In a way, the goal of this session is to show that, as we diverge from fully automatic analyses, we are able to obtain more and more benefits (still with minimal input). After introducing the participants to the architectural models, we will show how one of the plug-ins of HAROS lets users specify queries over the architectural model, to detect faulty or concerning patterns - e.g., type checking messages exchanged between processes at compile time, a feature that ROS lacks. The hands-on component of this session will ask participants to extract the architectural model of the Fictibot system, and refine it with extraction hints, until it becomes fully accurate. Then, we will ask participants to run a few example queries over the extracted models, and to define a few other queries themselves, based on the examples. Lastly, we will look at the reported analysis issues, and propose fixes to the code.

IV – Analysis of System Behaviour

While the second session focused on identifying and fixing static, structural issues of a robotic application, this session focuses on the dynamic aspects of a ROS application and on providing roboticists means to verify whether a ROS application is behaving as expected. One of the main challenges of this process is the actual identification and formalization of the expected behaviour of reactive systems such as those in robotics. Once that behaviour specification is provided, advanced analysis techniques can be deployed to check whether they effectively hold in the system under analysis.

The HAROS platform provides a ROS-tailored specification language to specify the behaviour of individual nodes and expected system-wide properties, and plug-ins to automatically verify such properties statically (through model checking) and dynamically (through property-based testing). The goal of this session is to exercise property specification using HAROS’s specification language and get acquainted with well-known specification patterns, and understand how HAROS is then able to verify whether the system conforms to them. In the hands-on section, attendees will be asked to write specifications for the running example already used in the previous sessions, Fictibot, and to interpret, localize and fix issues identified during the automated analyses.

V – Conclusion

The participants will not have an opportunity to experiment with all HAROS plug-ins during the hands-on sessions. This last session will quickly present other available plug-ins, as well as some others still under development that could be soon made available. Perhaps more relevant, it will also provide a quick overview on how users can design and integrate new HAROS plug-ins, either wrapping up existing analysis procedures or developing new ones.

Organizers

• Nuno Macedo, PhD, HASLab @ INESC TEC and FEUP
• André Santos, PhD, HASLab @ INESC TEC and Vortex CoLab