A Formal Approach to Deployment of Robotic

Teams in an Urban-Like Environment

Yushan Chen, Xu Chu Ding, Alin Stefanescu, and Calin Belta

Abstract We present a computational framework for automatic synthesis of con-

trol and communication strategies for a robotic team from task specifications given
as regular expressions about servicing requests in an environment. Our approach is
based on two main ideas. First, we extend recent results from formal synthesis of
distributed systems to check for the distributability of the task specification and to
generate local specifications, while accounting for the service and communication
capabilities of the robots. Second, by using a technique inspired from LTL model
checking, we generate individual control and communication strategies. We illus-
trate the method with experimental results in our Robotic Urban-Like Environment.

1 Introduction

The goal in robot motion planning and control is to be able to specify a motion task
in a rich, high level language and have the robot(s) automatically convert this speci-
fication into a set of low level primitives, such as feedback controllers and commu-
nication protocols, to accomplish the task [12, 5, 13]. In most of the existing works,
the motion planning problem is simply specified as “go from A to B while avoiding
obstacles” [12]. However, there are situations in which this is not enough to capture
the nature of the task. Consider, for example, the miniature Robotic Urban-Like En-
vironment (RULE) shown in Fig. 1, where a robot might be required to “Visit Road
R1 or Road R2 without crossing Intersection I3 , and then park in an available park-
ing space,” while at same time obeying the traffic rules. Such a “rich” specification
cannot be trivially converted to a sequence of “go from A to B” primitives.

Yushan Chen, Xu Chu Ding and Calin Belta

Boston University, Boston, MA, US, e-mail: yushanc,xcding,[email protected]
Alin Stefanescu
SAP Research, Darmstadt, Germany, e-mail: [email protected]

1
2 Yushan Chen, Xu Chu Ding, Alin Stefanescu, and Calin Belta

When several robots are available, the problem becomes even more interesting
and challenging. Assume that several service requests occur at different locations
in the city, and they need to be serviced subject to some temporal and logical con-
straints. Some of these requests can be serviced by one (possibly specific) robot,
while others require the collaboration of two or more (possibly specific) robots.
For example, assume that the task is to assemble a piece of machinery in location
P1 or P2 from two components that can be found at P3 and P4 . The assembly re-
quires the cooperation of two robots, and the collection of the components needs to
be performed in parallel. Can we generate provably-correct individual control and
communication strategies from such rich, global specifications? This is the problem
that we address in this paper.
It has been advocated as far back as [1] and more recently in [14, 7, 22] that
temporal logics, such as Linear Temporal Logic (LTL) and Computation Tree Logic
(CTL) [6], can be used as “rich” specification languages in mobile robotics. All of
the above works suggest that the corresponding formal verification (model check-
ing) algorithms can be adapted for motion planning and controller synthesis from
such specifications. Some related works show that such techniques can be extended
to multi-agent systems through the use of parallel composition [17, 11] or reactive
games [8]. However, such bottom-up approaches are expensive and can lead to state-
space explosion even for relatively simple problems. As a result, one of the main
challenges in the area of motion planning and control of distributed teams based on
formal verification is to create provably-correct, top-down approaches in which a
global, “rich” specification can be decomposed into local (individual) specifications,
which can then be used to automatically synthesize robot control and communica-
tion strategies. In such a framework, the construction of the parallel composition
of the individual motions is not necessary, and therefore the state-space explosion
problem is avoided.
In this paper, we draw inspiration from the area of distributed formal synthesis
[16] to develop such a top-down approach. We consider a team of robots that can
move among the regions of a partitioned environment, and which have known ca-
pabilities of servicing a set of requests that can occur in the regions of the partition.
Some of these requests can be serviced by a robot individually, while some require
the cooperation of groups of robots. We present an algorithm that allows for the
fully automatic synthesis of robot control and communication strategies from a task
specification given as a regular expression over the set of requests. For simplicity

Fig. 1 Robotic Urban-Like

Environment (RULE). Khep-
era III car-like robots move
autonomously on streets while
staying in their lanes, obeying
traffic rules, and avoiding
collisions.
A Formal Approach to Deployment of Robotic Teams in an Urban-Like Environment 3

of presentation, we model the environment as a graph and the robots as agents that
can move between adjacent vertices and can communicate only when at particu-
lar vertices. This framework is quite general and can be used in conjunction with
cell decomposition motion planning techniques [5]. In particular, by using feedback
controllers for facet reachability polytopes [9, 2], this scenario can be extended to
robots with continuous dynamics moving in environments with polytopic partitions.
The contribution of this work is threefold. First, we develop a top-down compu-
tational framework for automatic deployment of mobile agents from global speci-
fications given as regular expressions over environmental requests. This is a signif-
icant extension of our recent work [3] by enlarging the class of specifications for
which a solution exists. Second, we provide a relaxation to the standard problem of
distributed synthesis modulo synchronous products and language equivalence [16].
Specifically, we show how a satisfying distributed execution can be found when the
global specification is only a traced-closed language, rather than a product language.
This extends our previous work [20], in which we provided two heuristics for the
case of asynchronous automata. Third, we implement and illustrate the computa-
tional framework in our Khepera-based Robotic Urban-Like Environment (Fig. 1).
In this experimental setup, the robots can be automatically deployed from specifica-
tions given as regular expressions over requests occurring at regions in the city.

2 Preliminaries

Throughout this paper, we assume that the reader is familiar with automata theory
[10, 23]. In this section, we merely review some concepts and introduce the notation.
For a set Σ , we use |Σ | and 2Σ to denote its cardinality and power set, respec-
tively.
S
A collection of subsets ∆ = {Σi ⊆ Σ , i ∈ I} is called a distribution over Σ if
i∈I Σ i = Σ , where I is an index set. A word is a sequence of symbols from Σ . We
denote Σ ∗ as the set of all finite words over Σ . A language is a set of words.
Definition 1. A finite state automaton (FSA) is a tuple A = (Q, q0 , Σ , →A , F), where
Q is the set of states, q0 ∈ Q is the initial state, Σ is the set (alphabet) of actions,
→A ∈ Q × Σ × Q is the transition relation, and F ⊆ Q is the set of accepting states.
σ
We also write q −→A q0 to denote (q, σ , q0 ) ∈→A .
We denote L (A) as the language accepted by an FSA A. The language of an
FSA is called a regular language, which can be concisely represented by a regular
expression (RE). Given an RE, an FSA accepting all and only the words satisfying
the RE can be constructed by using an off-the-shelf tool, such as JFLAP [18].
Definition 2. The synchronous product (SP) of n FSAs Ai = (Qi , q0i , Σi , →Ai , Fi ),
denoted by kni=1 Ai , is an FSA A = (Q, q0 , Σ , →A , F), where Q = Q1 × Q2 × . . . ×
Qn , q0 = (q01 , q02 , . . . , q0n ), Σ = ∪ni=1 Σi , and F = F1 × F2 × . . . × Fn . The transition
σ σ
relation →A ⊆ Q × Σ × Q is defined by q − →A q0 iff ∀ i ∈ Iσ : q[i] −
→Ai q0 [i] and ∀ i ∈
/
Iσ : q[i] = q0 [i], where q[i] denotes the ith component of q and Iσ = {i ∈ {1, . . . , n} |
σ ∈ Σi }.
4 Yushan Chen, Xu Chu Ding, Alin Stefanescu, and Calin Belta

For convenience, in the particular case when Σ1 = Σ2 = Σ , we use A1 × A2 to

denote k2i=1 Ai . Moreover, L (A × B) = L (A) ∩ L (B) ([23]). An FSA ¬A is defined
as an FSA that accepts the language L (A) where L (A) := Σ ∗ \L (A).
For a word w ∈ Σ ∗ and a subset S ⊆ Σ , we denote by w S the projection of w
onto S, which is obtained by erasing all actions σ in w that do not belong to S. For
a language L ⊆ Σ ∗ and a subset S ⊆ Σ , we denote by L S the projection of L onto
S, which is given by L S := {w S | w ∈ L}. Starting from the observation that the
projection of a regular language is a regular language, the projection of an FSA A on
a subset S ⊆ Σ is another FSA (denoted by A S ) accepting the language L (A) S ,
through ε-closure, determinization and minimization ([19]).
Definition 3. Given a distribution ∆ of Σ , the product of a set of languages Li over
Σi is denoted by ki∈I Li and defined as ki∈I Li := {w ∈ Σ ∗ | w Σi ∈ Li for all i ∈ I}.
A product language over a distribution ∆ of Σ is a language L such that L =ki∈I Li ,
where Li = L Σi for all i ∈ I.
Definition 4. Given a distribution ∆ of Σ and w, w0 ∈ Σ ∗ , we say that w is trace-
equivalent to w0 (w ∼∆ w0 ) iff w Σi = w0 Σi , ∀i ∈ I. We denote by [w]∆ the trace-
equivalence class of w ∈ Σ ∗ . A trace-closed language over a distribution ∆ of Σ is
a language L such that for all w ∈ L, [w]∆ ⊆ L.
The class of trace-closed languages is closed under the operations of union, in-
tersection and complementation. Note that a product language is trace-closed (but
the converse is not true) ([15, 19, 21]).

3 Problem Formulation and Approach

Let
E = (V, →E ) (1)
be an environment graph, where V is the set of vertices and →E ⊆ V ×V is a relation
modeling the set of edges. For example, E can be the quotient graph of a partitioned
environment, where V is a set of labels for the regions in the partition, and →E is
the corresponding adjacency relation. In particular, V can be a set of labels for the
roads, intersections, and parking spaces in an urban-like environment and →E can
show how these are connected (see Fig. 2). Assume we have a team of mobile robots
Ai , i ∈ I, whose motions are restricted by E , where I is a set of robot labels.
Let Σ be a set of service requests, or actions to be performed at the vertices of
E . The locations of the service requests are defined as a function a : Σ → V (i.e.,
different requests can occur at the same vertex but vertices do not share requests).
There may be no request at some vertices of E .
We model the capacity of the robots to service requests and cooperation among
robots as a distribution ∆ over Σ (i.e. ∪i∈I Σi = Σ ). Σi is the set of requests that can be
serviced by the robot Ai . For a given request σ ∈ Σ , we define Iσ = {i ∈ I | σ ∈ Σi },
i.e., Iσ is the set of labels of all the agents that can service request σ . The semantics
A Formal Approach to Deployment of Robotic Teams in an Urban-Like Environment 5

of this distribution is defined as follows. For an arbitrary request σ , if |Iσ | = 1 (i.e.,

there is only one agent that owns it), the agent can (and should) service the request
by itself, independent of the other agents. If |Iσ | > 1, all the agents Ai with i ∈ Iσ
must service the request simultaneously. An agent is said to service a request σ if
it visits the vertex a(σ ). We assume that two or more robots can communicate only
when they are at vertices at which shared requests occur.
We model the motion capabilities of each agent Ai , i ∈ I on the environment
graph E as a transition system Ti , defined as follows:

Ti = (V, v0i , →i , Π , i ), i ∈ I, (2)

where v0i ∈ V is the initial state representing the initial location of Ai , →i ⊆ V ×V

is a reflexive transition relation satisfying →i ⊆→E ∪v∈V {(v, v)}, Π = Σ ∪ {ε} is a
finite set of observations, ε is the empty request, and i ⊆ V × Π is a satisfaction
relation where (v, ε) ∈i , ∀v ∈ V and (v, σ ) ∈i , σ ∈ Σi , iff a(σ ) = v. A transi-
tion (v, v0 ) ∈→ is also denoted by v → v0 . For an arbitrary state v ∈ V , we define
Πv = {π ∈ Π | (v, π) ∈} ∈ 2Π as the set of all observations satisfied at v. A trajec-
tory of Ti is a sequence v(0)v(1) . . . v(n) with the property that v(0) = v0i , v(i) ∈ V ,
and (v(i) → v(i + 1)), ∀i > 0. We say a trajectory v = v(0)v(1) . . . v(n) of Ti satisfies
a word w = w(0)w(1) . . . w(n) if w(i) ∈ Πv(i) , ∀i > 0. In other words, the motion
of robot Ai is restricted by the transition relation →i , which captures motion con-
straints in addition to →E . The locations of the requests in the environment are cap-
tured by relation i . As it will become clear later, each vertex satisfying ε captures
that a robot can pass through a vertex without servicing any request.
Definition 5. A motion and service plan (or MS plan for short) for robot Ai , i ∈ I
is a word msi ∈ (V ∪ Σi )∗ that satisfies the following conditions: (1) msi (1) = v0i ,
(2) if msi ( j) ∈ Σi , then msi ( j − 1) ∈ V and msi ( j) ∈ Πmsi ( j−1) (i.e. msi ( j − 1) =
a(msi ( j))), for all j > 1 and (3) if msi ( j) ∈ V and msi ( j − 1) ∈ V , then (msi ( j −
1), msi ( j)) ∈→i , for all j > 1. A motion plan for robot Ai , i ∈ I, defined as mi =
msi V , can be obtained from the MS plan by deleting all request entries msi ( j) ∈ Σi .
Similarly, a service plan for robot Ai , i ∈ I, is defined as si = msi Σi , can be obtained
from the MS plan by deleting all motion entries msi ( j) ∈ V .
The semantics of an MS plan is as follows. A vertex entry msi ( j) ∈ V means that
the vertex msi ( j) should be visited. A request entry msi ( j) ∈ Σi , means that robot
Ai should service request msi ( j) at vertex msi ( j − 1). A request entry msi ( j) ∈ Σi ,
where |Imsi ( j) | > 1, following a vertex entry msi ( j − 1) ∈ V , triggers a wait-and-
leave protocol: While at msi ( j − 1), robot Ai broadcasts request msi ( j) and listens
for broadcasts of msi ( j) from all agents A j , j ∈ Imsi ( j) \ {i}. When they are all
received, the request msi ( j) is serviced and then Ai moves to the next vertex.
Note that by the definition (conditions (2) and (3)) of an MS plan msi , the motion
plan mi = msi V is a trajectory of Ti satisfying a word wi ∈ (Σi ∪ ε)∗ , where its
corresponding service plan si = msi Σi is equal to wi Σi . We say that a word si can
be implemented by the robot Ai if there exists a MS plan msi such that msi Σi = si .
Given a set of service plans {si , i ∈ I} for the robot team, there may exist many
possible sequences of requests serviced by the team due to parallel executions of
6 Yushan Chen, Xu Chu Ding, Alin Stefanescu, and Calin Belta

individual agents (we do not assume that we know the time it takes for each agent
to service requests). For a given set of MS plans msi , i ∈ I, we denote

Lteam
MS ({msi , i ∈ I}) :=ki∈I {si }, where si = msi Σi , (3)

(see Def. (3)) as the set of all possible sequences of requests serviced by the team
of robots Ai , i ∈ I while they follow their individual MS plans msi . For simplicity of
notations, we usually denote Lteam team
MS ({msi , i ∈ I}) as LMS when there is no ambiguity.
We say that the motion of the team with MS plans {msi , i ∈ I} satisfies a specification
given as an RE φ over Σ if Lteam MS 6= 0/ and all words in Lteam team
MS satisfy φ (i.e. LMS ⊆
L (A), where A is an FSA accepting only the words satisfying φ ).

Remark 1. For a set of MS plans, the corresponding Lteam MS could be an empty set by
the definition of product of languages (since there may not exist a word w ∈ Σ ∗ such
that w Σi = si , ∀i ∈ I). In practice, this case corresponds to a scenario where one (or
more) agent waits indefinitely for other agents to service a request σ that is shared
among these agents. For example, if σ does not appear in the service plan of one of
the agent who owns σ but it appears in the service plans of some other agents, then
all those agents will be stuck in a “deadlock” state and wait indefinitely. When such
a deadlock scenario occurs, the motion of the team does not satisfy the specification.

We are now ready to formulate the main problem:

Problem 1. Given a team of agents Ai , i ∈ I with motion capabilities Ti (Eqn. (2)),

a set of service requests Σ , a task specification φ in the form of an RE over Σ , and
a distribution ∆ over Σ , find a set of MS plans {msi , i ∈ I} such that the motion of
the team satisfies φ .

Remark 2. We made some apparently restrictive assumptions in the formulation of

Prob. 1: we assumed that the vertices do not share requests and that the robots can
communicate only when they are in the same vertex. They are made for the sim-
plicity of notation. To relax the first assumption, we can use a relation instead of a
function to define the locations of requests. The second assumption can be relaxed
by introducing a communication relation on V (i.e. a communication graph).

In the case that Prob. 1 has a solution, for each MS plan msi , a robot generates
a control and communication strategy, which is a finite sequence of control primi-
tives, interrupts, and communication protocols. To guarantee the uniqueness of this
strategy, we assume that each robot is equipped with a set of motion primitives (feed-
back controllers), such that the selection of a motion primitive at a vertex uniquely
determines the next vertex, given that the robot is properly initialized and the his-
tory of visited vertices is known. In other words, we assume that Ai can follow any
trajectory of Ti (see Sec. 5).
Our approach to solve Problem 1 can be summarized as follows. We first gener-
ate an “implementable” FSA for each robot, which captures all the possible service
plans that can be implemented by the robot (Sec. 4.1). Then, if the language satisfy-
ing the global specification φ is trace-closed, we generate a solution to the problem.
A Formal Approach to Deployment of Robotic Teams in an Urban-Like Environment 7

Otherwise, we attempt to construct an FSA whose language is trace-closed and sat-

isfies the global specification. If we succeed (the language of this FSA is not empty),
then we use it to generate a solution (Sec. 4.2.) Our overall approach is summarized
as a provably-correct algorithm in Sec. 4.2.
In our previous work [3], we provided a solution to Prob. 1 by following the
“standard” approach to distributed synthesis modulo synchronous products and lan-
guage equivalence [16]. As a result, our approach was conservative, since we could
only generate a solution for the particular case when the language satisfying φ was a
product language (Def. 3). In this paper, we show that we can find a solution to Prob.
1 if the language satisfying φ is trace-closed. Since trace-closed languages are less
restrictive than product languages (i.e. product languages are trace-closed but not
vice versa), we significantly reduce the conservatism from our previous approach.
In addition, our current approach is less expensive. Indeed, checking whether a lan-
guage is trace-closed is linear in the size of the FSA accepting the language, while
checking whether a language is a product language is PSPACE-complete [19].

4 Synthesis of local MS plans from the global specification

We omit all the proofs in this section due to space limitations. They are available in
our detailed technical report [4].

4.1 Synthesis of the local implementable specifications

We begin with the conversion of the specification φ over Σ to a minimal and de-
terministic FSA A = (Q, q0 , Σ , →, F), which accepts exactly the language over Σ
that satisfies φ (using JFLAP [18]). We call A the global specification. Given the
distribution ∆ , we assign requests to each agent. Specifically, we construct a set
of projected FSAs Ai = (Qi , q0i , Σi , →Ai , Fi ) whose languages are the projections of
L (A) onto the local alphabets Σi , i ∈ I (see Sec. 2). The projected FSAs are used as
a starting point to find a solution to Prob. 1 because of the following proposition.

Proposition 1. If a set of MS plans {msi , i ∈ I} is a solution to Prob. 1, then its corre-

sponding service plans si = msi Σi are accepted words of Ai (i.e. si ∈ L (Ai ), ∀i ∈ I).

However, to provide a provably correct solution for Prob. 1, it is not sufficient to

simply choose an arbitrary accepted word from the projected FSAs Ai to be a service
plan si . We need to make sure that the service plan si can be implemented by robot
Ai and all possible sequences of requests serviced by the team satisfy φ . To satisfy
the first requirement, we aim to find an FSA AEi for each i ∈ I such that the language
of AEi equals all the accepted words of Ai that can be implemented by the agent Ai
in the environment. We address the second requirement in the next sub-section.
8 Yushan Chen, Xu Chu Ding, Alin Stefanescu, and Calin Belta

To obtain AEi , we construct a new FSA A bi from Ai by adding the action ε to Σi

and self-transitions (q, ε, q) to each state q ∈ Qi . For a robot, the action ε means that
no request is serviced. We denote the set of all these self transitions by →εi . The
FSA Abi , i ∈ I, can now be defined as:

A bi , qb0 , Σbi , → b , Fbi ),

bi = (Q (4)
i A i

where Q bi = Qi , qb0 = q0 , Σbi = Σi ∪ {ε}, → b =→A ∪ →ε , and Fbi = Fi .

i i Ai i i
It is important to note that these self-transitions do not affect the semantics of Ai ,
since they mean that if no request is served by robot Ai , then the state of the Ai re-
mains the same. Given a word w b ∈ L (Abi ), we can obtain a word w = wb Σi ∈ L (Ai ).
Note that the input ε corresponds to the observation ε in the transition system Ti and
the set of inputs Σbi of A
bi is a subset of the observations Π of Ti .
To restrict the trajectories of a TS Ti with a set of observations Π to the language
accepted by an FSA with a set of actions Σbi ⊆ Π , we define the following product
automaton, which is inspired from LTL model checking [6]:
Definition 6. (Adapted from [7]) The product automaton Pi = Ti ⊗ A bi between the
transition system Ti = (V, v0i , →i , Π , i ) and the FSA A
bi = (Q bi , qb0 , Σbi , → b , Fbi ), is
i Ai
an FSA Pi = (QP , q0 , ΣP , →P , FP ), where QP = V × Q
i Pi i i i
bi , q0 = (v0 , qb0 ) is the set
i Pi i i

of initial states, ΣPi = Σbi ⊆ Π is the set of inputs and FPi = V × Fbi is the set of
accepting (final) states. The transition relation →Pi ⊆ QPi × ΣPi × QPi is defined as
σP σP
i
(v, q) −−→ 0 0 0 i 0
Pi (v , q ) iff v →i v , q −
−→ b q and σPi ∈ Πv .
A i
σ
A transition (v, q) − →P (v0 , q0 )
of Pi exists iff (v, v0 ) ∈→i and request σ occurs
at vertex v, i.e. a(σ ) = v. Transitions with input ε mean that a robot is moving
from one vertex v to vertex v0 (v may be equal to v0 ) without servicing any request.
rPi = (vi (0), qbi (0)) . . . (vi (n), qbi (n)), where qbi ( j) ∈ Q
bi , vi ( j) ∈ V and j ∈ {1, . . . , n}
is a run accepted by the product automaton Pi , i ∈ I. We define the projection of
rPi onto Ti as γTi (rPi ) = vi (0) . . . vi (n). The following proposition shows that we can
use a run of Pi to find a trajectory of Ti satisfying the local specification (a word of
L (A bi )).

Proposition 2. Given any word wAb ∈ L (A

bi ), there exist at least one trajectory of
i
Ti satisfying wAb iff wAb ∈ L (Pi ).
i i

Finally, we obtain AEi that captures L (Pi ) by removing environment informa-

tion stored in Pi . To achieve this, we collapse the states of Pi , by taking ε-closure,
determinizing, and minimizing Pi . The interested readers are referred to [10] for
more details about these procedures. Thus, given a word w ∈ L (AEi ), there exists
a word w0 ∈ L (Pi ) such that w0 Σi = w. Using this fact, the following proposition
shows that AEi captures the largest subset of L (Ai ) which can be implemented by
the robot Ai in the environment.
Proposition 3. A word wEi ∈ L (Ai ), i ∈ I, can be used to generate a MS plan msi
for Ai , such that msi Σi = wEi , if and only if wEi ∈ L (AEi ).
A Formal Approach to Deployment of Robotic Teams in an Urban-Like Environment 9

4.2 Synthesis of individual MS plans

To solve Prob. 1, we need to guarantee that all possible sequences of request ser-
viced by the team of robots following their MS plans satisfy the global specifica-
tion. More specifically, we aim to find a set of service plans {si , i ∈ I} such that
ki∈I {si } ⊆ L (A) and ki∈I {si } =
6 0.
/ The following proposition shows that a trace-
closed language is sufficient to satisfy this requirement and s Prob. 1:

Proposition 4. Given a language L and a distribution ∆ of Σ , if L is a trace-closed

language and w ∈ L, then ki∈I {w Σi } ⊆ L.

Our approach aims to construct an FSA AG whose language is both trace-closed

and included in L (A). By Prop. 4, an arbitrary word accepted by AG can be used to
generate a set of service plans satisfying the desired requirement by projecting this
word onto the given distribution ∆ . Furthermore, we use the synchronous product
(SP) of the local implementable specifications generated in the previous sub-section
to ensure that the obtained service plans can be implemented by individual agents.
This is achieved by taking product of automata, which produces intersection of reg-
ular languages.
Specifically, to find AG , we first check if L (A) is trace-closed. An algorithm
that checks this property for an arbitrary FSA can be found in [4]. If L (A) is
trace-closed, then we define AG = A× ki∈I AEi . Otherwise, we define AG = ¬(ki∈I
Bi )× ki∈I AEi , where Bi = B Σi and B =ki∈I AEi × (¬A). In this second case, AG
is constructed specifically to remove words w ∈ L (ki∈I AEi ) that cannot be used
to generate desired individual service plans for the robots (i.e. ki∈I {si = w Σi } *
L (A)). The following proposition shows that AG satisfies the desired requirement.

Proposition 5. L (AG ) is a trace-closed language and L (AG ) ⊆ L (A).

If L (AG ) is not empty, then a solution to Prob. 1 can be found by picking any
accepted word of AG . In this paper, we obtain this word wg by using a backward
reachability search starting from the set of accepting states and ending at the ini-
tial state. In a particular application, any optimization criterion can be used. Once
obtained, wg is projected onto the given distribution to generate a set of MS plans.
The overall approach proposed in this section is summarized in Alg. 1. In the
following theorem, we show that the solution obtained by Alg. 1 is provably correct.

Theorem 1. If L (AG ) 6= 0,/ then Alg.1 returns a solution to Prob. 1, i.e. , a set of
MS ⊆ L (A) and LMS 6= 0.
MS plans {msi , i ∈ I} such that Lteam team /

Remark 3 (Completeness). In the case that L (A) is trace-closed, our approach is

complete in the sense that we find a solution to Prob. 1 if one exists. This follows
directly from Prop. 3 and the definition of product of languages. If L (A) is not
trace-closed, a complete solution to Prob. 1 requires one to find a non-empty trace-
closed subset of L (A) if one exists. This problem is undecidable (the proof is in
[4]). Therefore, our overall approach to Prob. 1 is not complete.
10 Yushan Chen, Xu Chu Ding, Alin Stefanescu, and Calin Belta

Algorithm 1 : Construction of a set of MS plans from a global specification

Input: A RE φ , a distribution ∆ , and a set of TS {Ti = (V, v0i , →i , Π , i ), i ∈ I}
1: Convert φ to a deterministic and minimal FSA A and construct {Ai , i ∈ I} (Ai = A Σi , ∀i ∈ I)
2: Construct {A bi , i ∈ I} from {Ai , i ∈ I} (Eqn. 4) and {Pi = A bi ⊗ Ti , i ∈ I} (Def. 6)
3: Take ε-closure, determinize, and minimize Pi to obtain {AEi , i ∈ I}, where L (AEi ) = L (Pi )
4: Construct ki∈I AEi , which is the synchronous product of AEi
5: if L (ki∈I AEi ) = 0/ then
6: return no solution
7: else
8: Check if L (A) is trace-closed
9: if L (A) is trace-closed then
10: Construct AG = A× ki∈I AEi
11: else
12: Construct AG = ¬(ki∈I ((ki∈I AEi × (¬A)) Σi ))× ki∈I AEi
13: end if
14: if L (AG ) = 0/ then
15: return no solution
16: else
17: Find a word wg ∈ L (AG ) and obtain a set of local words wloc i = wg Σi
18: Construct {A bloc , i ∈ I} (Eqn. 4) from {Aloc , i ∈ I}, where L (Aloc ) = wloc , ∀i ∈ I
i i i i
19: Construct {Piloc = A bloc ⊗ Ti , i ∈ I} and find the accepted runs {r loc , i ∈ I} and the corre-
i Pi
sponding accepted words {wi = wi (0) . . . wi (n), i ∈ I}.
20: Obtain {rTi = γTi (rPloc ) = vi (0) . . . vi (n + 1), i ∈ I} and {msi =
i
vi (0)wi (0) . . . vi (n)wi (n) V ∪Σi , i ∈ I}
21: return a set of words {msi , i ∈ I}
22: end if
23: end if

5 Automatic Deployment in the RULE

In this section, we show how our solution to Prob. 1 can be used to deploy a team
of robots using a rich specification to service requests occurring in a miniature city.
Our Robotic Urban-Like Environment (RULE) shown in Fig. 2 is a collection of
roads, intersections, and parking lots, which are connected following a simple set of
rules (e.g., a road connects two (not necessarily different) intersections, the parking
lots can only be located on the side of (each bound of) a road). Each intersection
has traffic lights that are synchronized in the usual way. A desktop computer is used

Fig. 2 The topology of the

city for the case study from
Sec. 5 and the labels of the
roads, intersections, and park-
ing lots.
A Formal Approach to Deployment of Robotic Teams in an Urban-Like Environment 11

to remotely control the traffic lights through XBee wireless boards. Each parking
lot consists of several parking spaces, where each parking space can accommodate
exactly one car, and each parking lot has enough parking spaces to accommodate all
the robots at the same time. The city is easily reconfigurable through re-taping and
re-placement of the wireless traffic lights in intersections.
The robots are Khepera III miniature cars. Each car can sense when entering an
intersection from a road, when entering a road from an intersection, when passing
in front of a parking lot, when it is correctly parked in a parking space, and when
an obstacle is dangerously close. Each car can distinguish the color of a traffic light
and different parking spaces in the same parking lot. Each car is programmed with
motion and communication primitives allowing it to safely drive on a road, turn in an
intersection, park, and communicate with other cars. All the cars can communicate
through Wi-Fi with a desktop computer, which is used as an interface to the user
(i.e., to enter the global specification) and to perform all the computation necessary
to generate the individual control and communication strategies. Once computed,
these are sent to the cars, which execute the task autonomously by interacting with
the environment and by communicating with each other, if necessary. We assume
that the communication protocol is deadlock-free.
Modeling RULE using the framework described in Sec. 3 proceeds as follows.
The set of vertices V of the environment graph E is the set of labels assigned to
the roads, intersections, and parking lots (see Fig. 2). The edges in →E show how
these regions are connected. We assume that inter-robot communication is possible
only when the robots are in the same parking lot. The motion capabilities of the
(identical) robots are captured by a transition system Ti (Eqn. (2)) which has 27
vertices and 42 transitions. Note that, in reality, each vertex of Ti has associated a
set of motion primitives, and each transition is triggered by a Boolean combination
of interrupts. For example, at vertex R5l , only one motion primitive follow road is
available, which allows the robot to drive on the road. There is only one possible
transition from R5l to I1 , which is triggered by at int AND green light, where at int
is an interrupt generated when the robot reaches the end of a road at an intersection,
and green light is an interrupt generated at the green color of the traffic light.
It is important to note that, by selecting a motion primitive available at a vertex,
the robot can correctly execute a run of Ti , given that it is initialized on a road. In-
deed, only one motion primitive (follow road) is available on a road (more details
about the motion primitives can be found in [4]). In other words, MS plans defined
in Sec. 3 and derived as described in Sec. 4 can be immediately implemented by a
robot. It is easy to see that, under some reasonable liveness assumptions about envi-
ronmental events (e.g., the traffic lights will eventually turn green), such a transition
system captures the motion of each robot correctly.
In the rest of this section, we present a case study. Assume that two robots (cars),
labeled as C1 and C2 , are available for deployment in the city with the topology
from Fig. 2. Assume the set of service requests is Σ = {H1 , H2 , L1 , L2 , L3 , L4 , L5 },
where Li , i = 1, 2, 3, 4, 5 are “light” requests, which require only one robot, and
therefore should be serviced in parallel, while Hi , i = 1, 2 are “heavy”, and re-
quire the cooperation of the two robots. Assume that C1 can service L1 and L4
12 Yushan Chen, Xu Chu Ding, Alin Stefanescu, and Calin Belta

and C2 can service L2 , L3 and L5 , i.e., the set of requests is distributed as Σ1 =

{L1 , L4 , H1 , H2 }, Σ2 = {L2 , L3 , L5 , H1 , H2 }. between the two agents. Assume the re-
quests occur at the parking lots as given by the assignment function a(L1 ) = P1 ,
a(L2 ) = P2 , a(L3 ) = P3 , a(L4 ) = P4 , a(L5 ) = P1 , a(H1 ) = P4 , and a(H2 ) = P5 . Fi-
nally, assume that the global task specification is to service L4 and then L5 or first
service H1 , then both L1 and L2 in an arbitrary order, then H2 , and finally both L1
and L3 in an arbitrary order. Formally, this specification translates to the following
RE over Σ : L4 L5 + H1 (L1 L2 + L2 L1 ) H2 (L1 L3 + L3 L1 ).

loc
Global FSA A FSA AiE Synchronous
y Product FSA AG FSA
S Ai
E E
A1 || A2
Agent 1 Agent 2
0 0, 0 0
H1 H1 H1
Robot 1:
L1 1 L2 L4 1, 1
L1 1 L2
L4 L2 L1 L5 Robot 1:
2 3 0 1 2 3 4
1 2
1, 2 2, 1
2, 1 2 3 0 1 2 3 4
H1 L1 H2 L1
L2 4 L1 L4 L1 L2 4 H1 L1 H2 L1
9 2, 2 L2
4, 0 0, 4 L1
H2 Robot 2: H2 H2
L1 5 L3 3, 3
3, 3
L1 5 L3
Robot 2:
L5 0 1 2 3 4 L3 L1
6 7 H1 L2 H2 L3 L5 L4 0 1 2 3 4
3, 4 4, 3 6 7
L5 H1 L2 H2 L3
L3 8 L1 L3 L3 8
L1 4 4
4, 4 L1

Fig. 3 The FSAs generated by applying Alg. 1.

Using Alg. 1, we generate a set of FSAs AEi . Since RULE is fully connected,
all the words accepted by Ai can be implemented. In this example, L (A) is nei-
ther a product language nor a trace-closed language (e.g., for w = L4 L5 , we have
[w]∆ = {L4 L5 , L5 L4 } and hence, [w]∆ * L (A)). Therefore, the FSA AG is obtained
as described in Sec. 4.2. We choose wg = H1 L1 L2 H2 L1 L3 ∈ L (AG ). The corre-
sponding service plans for C1 and C2 are s1 = H1 L1 H2 L1 and s2 = H1 L2 H2 L3 , re-
spectively. The FSAs generated by Alg. 1 are shown in Fig. 3. Finally, we generate
the MS plans for C1 and C2 . By assuming that C1 and C2 start in R2l and R1l respec-
tively, the two MS plans are
ms1 : R2l I2 R4r I3 R8r P4 H1 R8r I4 R5l I1 R6r P1 L1 R6r I4 R8l P5 H2 R8l I3 R8r I4 R5l I1 R6r P1 L1
ms2 : R1l I1 R3l I2 R4r I3 R8r P4 H1 R8r I4 R5l I1 R3l I2 R3r P2 L2 R3r I1 R5r I4 R8l P5 H2 R8l I3 R8r I4 R6l P3 L3
The above MS plans are then mapped to control and communication strategies
through the use of motion primitives and interrupts as described above. The movie of
the actual deployment in the RULE platform is available at http://hyness.bu.edu/dars.

6 Conclusion

We presented a framework for automatic deployment of a robotic team from a spec-

ification given as a regular expression over a set of service requests occurring at
known locations of a partitioned environment. Given the robot capabilities to ser-
A Formal Approach to Deployment of Robotic Teams in an Urban-Like Environment 13

vice the requests, and the possible cooperation requirements for some requests, we
find local control and communication strategies such that the global behavior of the
system satisfies the given specification. We illustrate the proposed method with ex-
perimental results in our Robotic Urban-Like Environment (RULE). As future work,
we will consider expanding the set of global specifications to formulas of temporal
logics, such as Linear Temporal Logic, and extensions to probabilistic frameworks.

References

1. M. Antoniotti and B. Mishra. Discrete event models + temporal logic = supervisory controller:
Automatic synthesis of locomotion controllers. In IEEE International Conference on Robotics
and Automation, May 1995.
2. C. Belta and L.C.G.J.M. Habets. Control of a class of nonlinear systems on rectangles. IEEE
Transactions on Automatic Control, 51(11):1749 – 1759, 2006.
3. Yushan Chen, Samuel Birch, Alin Stefanescu, and Calin Belta. A hierarchical approach to
automatic deployment of robotic teams with communication constraints. In International
Conference on Intelligent Robots and Systems, 2010 (to appear).
4. Yushan Chen, Xu Chu Ding, Alin Stefanescu, and Calin Belta. A formal approach to de-
ployment of robotic teams in an urban-like environment. Technical report, Boston University,
2010. (available at hyness.bu.edu/dars).
5. H. Choset, K.M. Lynch, S. Hutchinson, G. Kantor, W. Burgard, L.E. Kavraki, and S. Thrun.
Principles of Robot Motion: Theory, Algorithms, and Implementations. MIT Press, Boston,
MA, 2005.
6. E. M. Clarke, D. Peled, and O. Grumberg. Model checking. MIT Press, 1999.
7. G. E. Fainekos, H. Kress-Gazit, and G. J. Pappas. Hybrid controllers for path planning: a tem-
poral logic approach. In Proceedings of the 2005 IEEE Conference on Decision and Control,
Seville, Spain, December 2005.
8. H. Kress Gazit, G. Fainekos, and G. J. Pappas. Where’s Waldo? Sensor-based temporal logic
motion planning. In IEEE Conference on Robotics and Automation, Rome, Italy, 2007.
9. L.C.G.J.M. Habets, P.J. Collins, and J.H. van Schuppen. Reachability and control synthesis for
piecewise-affine hybrid systems on simplices. IEEE Trans. Aut. Control, 51:938–948, 2006.
10. J.E. Hopcroft, R. Motwani, and J. D. Ullman. Introduction to Automata Theory, Languages,
and Computation. Addison Wesley, 2007.
11. M. Kloetzer and C. Belta. Automatic deployment of distributed teams of robots from temporal
logic motion specifications. IEEE Transactions on Robotics, 26(1):48–61, 2010.
12. J. C. Latombe. Robot Motion Planning. Kluwer Academic Pub., 1991.
13. S. M. LaValle. Planning algorithms. Cambridge University Press, Cambridge, UK, 2006.
14. S. G. Loizou and K. J. Kyriakopoulos. Automatic synthesis of multiagent motion tasks based
on LTL specifications. In 43rd IEEE Conference on Decision and Control, December 2004.
15. A. Mazurkiewicz. Introduction to trace theory. In The Book of Traces, pages 3–41. WorldSci-
Book, 1995.
16. M. Mukund. From global specifications to distributed implementations. In Synthesis and
control of discrete event systems, pages 19–34. Kluwer, 2002.
17. M. M. Quottrup, T. Bak, and R. Izadi-Zamanabadi. Multi-robot motion planning: A timed
automata approach. In Proceedings of the 2004 IEEE International Conference on Robotics
and Automation, pages 4417–4422, New Orleans, LA, April 2004.
18. S. H. Rodger and T. W. Finley. JFLAP: An Interactive Formal Languages and Automata
Package. Jones and Bartlett Publishers, Sudbury, MA, 2006.
19. A. Stefanescu. Automatic synthesis of distributed transition systems. PhD thesis, 2006.
14 Yushan Chen, Xu Chu Ding, Alin Stefanescu, and Calin Belta

20. Alin Stefanescu, Javier Esparza, and Anca Muscholl. Synthesis of distributed algorithms
using asynchronous automata. In Proc. of the 14th Int. Conf. on Concurrency Theory (CON-
CUR’03), volume 2761 of Lecture Notes in Computer Science, pages 27–41. Springer, 2003.
21. P.S. Thiagarajan and J.G. Henriksen. Distributed versions of linear time temporal logic: A
trace perspective. In Lectures on Petri Nets I: Basic Models, volume 1491 of LNCS, pages
643–681. Springer Berlin, 1998.
22. T. Wongpiromsarn, U. Topcu, and R. M. Murray. Receding horizon temporal logic planning
for dynamical systems. In IEEE Conference on Decision and Control, Shanghai, China, 2009.
23. Sheng Yu. Regular languages. In Handbook of formal languages, vol. 1: word, language,
grammar, pages 41–110. Springer-Verlag New York, Inc., New York, NY, USA, 1997.