FORMAL KINEMATICS ANALYSIS OF TWO

LINK PLANAR ROBOT

By

Binyameen

2010-NUST-MS-CS&E-23

A thesis submitted in partial fulfillment of the requirements for the degree of Masters of

Science in Computational Science and Engineering

Research Centre for Modeling and Simulation,

National University of Sciences and Technology (NUST),

Islamabad, Pakistan.

(August 2014)

i

c©Copyright

by

Binyameen

2014

ii

To My Family

and

My Teachers

iii

Acknowledgements

In the name of ALLAH, the Most Gracious and the Most Merciful, all praises to ALLAH

for His countless blessings on me in order to complete this thesis.

I am enormously pleased to precise my intense gratefulness and deepest gratitude to my

advisor Dr. Osman Hasan for his excellent guidance, strong support, expert advice and

providing me the life time chance for doing research under his supervision even though I

had no research experience. I would also like to thanks him for supporting me by providing

Research Assistantship. I attribute the level of my Masters degree to his encouragement

and effort and without him this thesis, too, would not have been completed or written. His

punctuality, regularity, timely response of emails, his tolerance regarding my blunders was

all excellent. I could not have wished for a better thesis supervisor.

I offer my thank to Dr. Sohail Iqbal for sparing time out of his so much busy routiune to

assist me as my external examiner and taking extra interest specially by helding meetings

after regular intervals. I would like to thank Dr. Meraj Mustafa Hashmi for his helpful

suggestions, comments and for serving on my thesis committe. I sincerely thank to Engr.

Sikander Hayat Mirza for his unconditional help and encourgment for doing my thesis in

SAVE Lab. I am also thankful to Dr. Khalid Pervez who directed me on the different

phases of my research thesis.

I offer my special thank to Umair Siddique, my friend and a former member of SAVE Lab

for his motivation and support. Without his help, I would not be where I am today. Many

thanks to my colleagues at RCMS and all members of SMART Lab for their support and

nice company. I would also like to thank Muhammad Sheraz Khaliq, Muhammad Salman

Manzoor, Muhammad Usman Sanwal, Muhammad Ahmad, Waqar Ahmed, Faiq Lodhi,

Hafiz Afzal, Muhammad Ali Mehar, Asif Mehmood, all hostel fellows and RCMS staff for

their support and encouragement.

Lastly but not least, I will always be grateful to my mother for her prayers, love and

iv

support. I would also like to thank all my family members, specially my elder brother

Abdulrehman for his support and motivation for higher studies.

v

Abstract

Kinematic analysis is used for trajectory planning of robotic manipulators and is an integral

step of their design. The main idea behind kinematic analysis is to study the motion of the

robot based on the geometrical relationship of the robotic links and their joints. Given the

continuous nature of kinematic analysis, traditional computer-based verification methods,

such as simulation, numerical methods or model checking, fail to provide reliable results.

This fact makes robotic designs erroneous, which may lead to catastrophic consequences

given the safety-perilous sort of robotic applications. Leveraging upon the high expres-

siveness of higher-order logic, we used higher-order-logic theorem proving for conducting

formal kinematic analysis. As a first step towards this direction, we utilize the geometry

theory of HOL-Light to develop formal reasoning support for the kinematic analysis of

a two-link planar manipulator, which forms the basis for many mechanical structures in

robotics. To prove the usefulness of our foundational formalization, we put forward the

formal kinematic analysis of a biped walking robot.

vi

Table of Contents

Page

Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv

Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi

Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii

List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x

Chapter

1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.1 Kinematic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.2 Techniques used for Kinematic Analysis . . . . . . . . . . . . . . . . . . . . 2

1.2.1 Numerical Methods or Simulation . . . . . . . . . . . . . . . . . . . 2

1.2.2 Computer based Softwares for Kinematic Analysis . . . . . . . . . . 3

1.2.3 Problem Description . . . . . . . . . . . . . . . . . . . . . . . . . . 4

1.2.4 Proposed Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

1.3 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

1.4 Organization of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2 Preliminaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.1 Theorem Proving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.2 HOL Light Theorem Prover . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2.3 Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2.4 Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.5 Inference Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.6 Theorems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2.7 Theories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2.8 Proofs in HOL Light . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

vii

2.9 HOL Light Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.10 Harrison’s Formalization of Multivariate Calculus Theories in HOL-Light . 14

2.10.1 Formalization of Vectors Theory . . . . . . . . . . . . . . . . . . . 15

2.10.2 Formalization of Geometry Theory . . . . . . . . . . . . . . . . . . 17

3 Kinematic Analysis of Two-Link Planar Manipulator . . . . . . . . . . . . . . . 19

3.1 Forward Kinematics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

3.2 Inverse Kinematics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

4 Formalization of Kinematic Analysis in HOL Light . . . . . . . . . . . . . . . . 25

4.1 Forward Kinematics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

4.2 Inverse Kinematics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

5 Application: Biped Robot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

6 Conclusions and Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

viii

List of Figures

3.1 Kinematic Diagram a Two-Link Planar Manipulator . . . . . . . . . . . . . 20

3.2 Two solutions for Inverse Kinematics . . . . . . . . . . . . . . . . . . . . . 23

5.1 Biped Robot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

ix

List of Tables

2.1 HOL Symbols and Functions . . . . . . . . . . . . . . . . . . . . . . . . . . 14

x

Chapter 1

Introduction

1.1 Kinematic Analysis

Kinematic analysis [19] is the study of motion of a machine or mechanism with respect to a

fixed reference coordinate system without considering the forces or moments that cause the

motion. The objective of any analysis of kinematics is to make refined intellectual models

that serve to explain the motion of real-world objects. It mainly allows us to determine

parameters like the position, displacement, rotation, speed, velocity and acceleration of

a given mechanical structure and is thus used to design the geometrical dimensions and

operational range of a mechanical structure according to the given specifications. Kine-

matics describes the analytical relationship between the joint positions and the end-effector

position and orientation while differential kinematics describes the analytical relationship

between the joint motion and the end-effector motion in terms of velocities. The main

idea behind kinematic analysis is to first identify the links (rigid bodies) and joints (allow

rotation or sliding) of the given mechanical structure and then construct a corresponding

kinematic (skeleton) diagram, which is a geometrical structure depicting the connectivity

of links and joints. Finally, the kinematic diagrams are analyzed, using the principles of

geometry, to determine the motion of any point of interest in the kinematic diagram [8].

Robot kinematics deals with aspects of redundancy, collision avoidance and singularity

avoidance.We have been created with bones, muscles and senses. Muscles are helpful in

controlling ourselves and senses are used for measurements: touch, vision, etc. Similarly

robots are made up of links and joints in numerous arrangements. Unintelligent robots can

merely control and compute the joints directly, such as rotate any joint for 200 pulses. These

1

joints are called coordinates. In order to achieve a task in an application, we have to handle

the position and orientation in different coordinate systems such as work piece to tool. The

embryonic robot is unfamiliar with the connections between joint coordinates and other

coordinate systems. It is very problematic to be used in applications. That distinguishes

a toy robot from an industrial robot. For a robot to move to specific position at certain

orientation conveniently, the relationships between the joint coordinate system and some

other systems, such as base or tool systems, must be known. Kinematic analysis allows

us to extract useful information about the workspace, dexterity and precision of a given

robotic design [32]. Thus, kinematic analysis is always performed during the conception

phase of a robot to ascertain that the designed robot is appropriate to serve the given

purpose [28]. For example, kinematic analysis has been used to judge the slope climbing

capability of a biped robot [25] and the repairing the human aortic aneurysm capability of

a minimal invasive surgical robot [9].

1.2 Techniques used for Kinematic Analysis

1.2.1 Numerical Methods or Simulation

Given the safety-critical nature of many robotic applications, traditional techniques, like

numerical methods or simulations, are not encouraged to be used for kinematic analysis

[30]. Numerical methods can only provide estimated solutions to problems over a definite

interval such as distance or time. The inaccuracy involved in the solution depends on the

problem solving technique. Numerical methods are used with larger systems containing

many connections. Numerical methods are employed when assessing empirical information

such as experimental data. Such information will contain some amount of error irrespective

of exactness and regulations conducted while doing the experiment. In such a situation it

is just wastage of time to use exact analytical methods because the solution can never be

more accurate than the input data. One of the main disadvantage of numerical method is

2

its pathological behavior. i.e. using this method we have to face difficulties with precision,

singularities and stability. Moreover simulation generates a way of evaluating solutions but

does not generate solutions themselves. Simulation is not precise. It does not yields an

answer but merely provides a set of the system’s response to different operating conditions.

In many cases, this lack of precision is difficult to measure. Simulation cannot naturally

be used to find an optimal solution. There are methods which long to optimize the result,

but simulation is not inherently an optimization tool.

1.2.2 Computer based Softwares for Kinematic Analysis

Computer algebra systems, like Maple and Mathematica, offer complete packages (e.g. [31])

for kinematic analysis of mechanical systems. Despite being very efficient for computing

mathematical solutions symbolically, these methods cannot be considered 100% reliable

due to the involvement of unverified huge symbolic manipulation algorithms in their core.

While formally correct, symbolic integrals may not be suitable for numerically computing

the area under the curve[8]. Also, for expressions that do not consist of elementary functions

(e.g., Bessel functions) computer algebra systems may have less success[6]. It is generally

perceived that failures in computer algebra systems are commonly due to memory excess:

for numerous problems in computer algebra, some of the best available algorithms agonize

with intermediary expression surge where the consequence is of tolerable size, but the

intermediary calculation meets serious memory limitations. As an alternative, interval

analysis has been used to find the safe kinematics for a minimum invasive surgical robot

[15]. However sometimes, due to computational pessimism, the resulting interval becomes

too large to provide any useful information. Moreover, interval analysis is not suitable

to exhaustively check the initial hypothesis of the model properly and thus cannot be

completely relied upon as well. Inaccuracies in kinematic analysis could lead to disastrous

consequences, including a robot’s breakdown [17], and thus investigating more reliable and

sound kinematic analysis techniques is a dire need.

3

1.2.3 Problem Description

In the past couple of decades, formal methods have emerged as a successful verification

technique for both software and hardware systems. The laborious exercise of creating a

mathematical model for the specified system and evaluating this model using mathematical

logics usually enhances the probabilities for catching artful but precarious design errors

that are mostly disregarded by conventional techniques like paper-and-pencil based proofs

or numerical methods[13]. However, due to the continuous nature of the analysis and

the immersion of analytical geometry, automatic state-based formal methods, e.g. model

checking, cannot be used to ascertain absolute correctness. On the other hand, leveraging

upon the high expressiveness of higher-order logic, theorem proving can provide the ability

to formally reason about the correctness of kinematic analysis. But to the best of our

knowledge, the underlying principles of kinematic analysis have not been formalized in

higher-order-logic so far and thus formal reasoning about the correctness of kinematic

analysis is not a straightforward task.

1.2.4 Proposed Solution

As a first step towards using a higher-order-logic theorem prover for formally verifying the

correctness of kinematic analysis, we present the formal reasoning support for a two-link

planar manipulator [28], i.e., a simple yet the most commonly used mechanical structure

in robotics. In particular, we present the formalization of forward and inverse kinematic

analysis equations of a two-link planar manipulator by extending the recently developed

analytical geometry theories available in HOL-Light [11]. The main advantage of these

outcomes is that they significantly reduce the user intercession for formal reasoning about

kinematic analysis of several robots, mainly because any robot with multiple links and

joints can be expressed in terms of a two-link planar manipulator. In order to demonstrate

the practical effectiveness and utilization of the reported formalization, we utilize it to

conduct the formal kinematic analysis of a biped robot [16, 14], i.e., a two-legged mobile

4

robot, in this thesis.

1.3 Related Work

The usage of formal methods in ascertaining the correctness of continuous and physical

systems is increasingly being advocated these days [2]. In this context, formal verification

of mechanical systems, particularly the ones used in automotive and robotic applications,

have gained particular interest due to their safety-critical applications [10]. For example,

formal verification of the movements of a Samsung Home-service Robot (SHR) is presented

by analyzing its discrete control software using the Esterel model checker [7]. Similarly, an

abstracted integer-valued behavior of the mobile outdoor robot RAVON is formally modeled

in the synchronous language Quartz and is formally verified using the Averest model checker

[23]. Moreover, in order to alleviate the problems associated with unintended acceleration

due to faulty accelerator pedals, the electrical and mechanical components of Toyota’s

electronic throttle controller (ETC) have been formally modeled and verified based on the

principles of timed automata and real-time logic [24]. Likewise, an abstraction approach for

generating a discretized state-space of mechanical systems is reported in [27]. In all these

model checking based verification efforts, the continuous dynamics of mechanical systems

had to be discretized in order to be able to construct a corresponding automata-based

model [26]. Such abstractions clearly compromise the accuracy of the analysis. These

limitations can be overcome by using higher-order-logic theorem proving in the context of

verifying mechanical systems. For example, the Isabelle theorem prover has been used to

formally verify a collision-avoidance algorithm for service robots [29]. Real number and

set theories have been utilized to formalize the contour of the robot as a convex polygon

while obstacles are modeled as connected sets of points. This way, it has been formally

verified that the moving robot is able to stop, upon detecting an obstacle, within the safety

zone. The results have been verified without using any abstractions, which clearly indicates

the usefulness of theorem proving in the context of verifying mechanical systems. With

5

the same motivation, we plan to utilize higher-order-logic theorem proving for kinematic

analysis in this thesis, which, to the best of our knowledge, is a novelty.

The foremost requirement for conducting kinematic analysis in a higher-order-logic the-

orem prover is the ability to formally reason about geometry theory principles in a theorem

prover. This capability is provided by a number of theorem provers. For example, a formal

proof environment for Euclid’s elements is presented in [1]. Some other recent develop-

ments include the axiomatic formalization of Euclidian plane geometry along with some

interactive and automated reasoning support for geometrical properties in the Coq theo-

rem prover[22], the formalization of the Cartesian-plane based geometry theory along with

the proof that it can model the synthetic plane geometries in the Isabelle/HOL theorem

prover [21], and the HOL-Light geometry theory formalized, based on n-dimensional real

vector (realn), in the Euclidean space [11]. In this thesis, we have chosen the HOL-Light

theorem prover for developing the foundations of kinematic analysis. The main reasons

behind this choice include the availability of all the topological and analytic foundations

for vectors, which is expected to play a vital role in extending the reported formalization

for analyzing other continuous aspects of mechanical systems, and our past familiarity with

the HOL-Light.

1.4 Organization of the Thesis

The rest of the thesis is organized as follows: Some related work about formal verification

of mechanical systems and formalization of geometry theory is presented in Chapter 3. In

Chapter 3, we also provide a brief introduction about kinematic analysis of a two-link planar

manipulator. The formalization of these foundations of kinematic analysis is provided in

Chapter 4. We utilize this formalization to conduct the formal kinematic analysis of a

biped robot in Chapter 5. Finally, Chapter 6 concludes the thesis.

6

Chapter 2

Preliminaries

In this chapter, we describe a concise overview of the HOL-light theorem prover and or-

ganize an impression of Harrison’s formalization of geometry, vector and complex analysis.

The purpose is to familiarize the basic theories along with some symbolic representations

that are going to be used in the other part of the thesis.

2.1 Theorem Proving

One of the most advanced research area in automated reasoning is theorem proving or

automatic deduction. It is concerned about the formation of mathematical theorems using

a computer software package. Based upon the descriptive requirement, these mathematical

theorems can be prepared on the basis of different types of logic, e.g. first-order logic or

propositional logic or higher-order logic. For example, the advantage of using higher-order

logic instead of first order logic appears in terms of the accessibility of extra quantifiers and

extremely expressive nature of higher-order logic. Mathematically model the given system

in an appropriate logic is the key idea behind the theorem proving based formal analysis

and then the related properties are proved using computer based formal reasoning. The

analysis becomes much easier if we use higher-order logic theorem proving for modeling

the system behaviors because any system that can be expressed mathematically, can be

formal verified using higher-order logic. The theorem provers usually based upon some

renowned axioms and primitive inference rules. The verification based on theorem proving

guarantees the accuracy because all new theorems are formed from these fundamental

axioms and primitive inference rules.

7

A theorem prover or proof assistant is a tool which enables the formal sketch of a given

system in the form of mathematical expressions. There are two kinds of provers, i.e., inter-

active and automatic. Significant user-computer interaction is required in using interactive

theorem prover, while automatic theorem prover can accomplish different proof tasks by

its own. There are a large number of theorem provers but only few of them have large user

communal and are in constant improvement. Some frequently used automated provers are

Gandalf, LeanTAP, METEOR, SATURATE, SETHEO and Otter and MetiTarski. Some

commonly used interactive higher-order logic based theorem provers include includes HOL,

HOL Light, ACL2, Coq, Isabelle, ProofPower, and MIZAR.

This thesis uses the HOL Light theorem prover to demeanour all the robotics kinemat-

ics analysis. The main motives behind this selection comprise the richness of Harrison’s

geometry analysis related theories, which are central to our work, and the capability to

use Harrison’s vector theory to formalize the angles and thus the end effector position.

Moreover, some earlier work related to formal analysis of complex analysis inspired this

thesis to be done in HOL theorem prover. functions.

2.2 HOL Light Theorem Prover

HOL Light is a computer software package to support users proves thought-provoking

mathematical theorems entirely formally in higher order logic. It establishes a very rig-

orous model of precision, but offers a number of pre-proved mathematical theorems and

automated tools (e.g. about arithmetic, real analysis and basic set theory) to prevent the

user effort. It is also completely programmable, so users can outspread it with new in-

ference rules and theorems without conceding its reliability. HOL is available in different

versions, going back to Mike Gordons work in the early 80s. HOL Light uses much easier

logical fundamentals and has little relic code, producing the system a straightforward and

simple feel as compared to other HOL systems. Notwithstanding its easiness, it deals with

theorem proving power as compared to, and in some areas better than, different versions

8

of HOL, and is widely used for some substantial industrial-scale verification applications.

HOL Light is one of the theorem provers of HOL family. The primarily version of

HOL is HOL88 trailed by following versions i-e, HOL90 and HOL98 and HOL4. It is a

cooperative theorem prover which is based on the LCF methodology which is alike to the

deduction system in which even every infinitesimal point need to be stated in detail. It

supports in writing the given system and its properties in form of mathematical properties

in metalanguage ML [20] to automate the inferences. Based on the Church[5] method ,the

HOL family provides a version of λ-calculus. HOL Light contains ten primitive rules of

inference. For the formal verification of both hardware and software, HOL Light is more

acceptable and commonly used.

HOL Light is a comparatively new edition of the HOL theorem prover. In this version

a re-engineered and simplified version of the axiomatization of the logic is given. HOL

Light is relatively small and clean as compared with other versions of HOL, and creates

acceptable demands on the running machine.

Based on polymorphic simple type theory, theorems are proved in a system of classi-

cal higher order logic in HOL Light. All proof progresses by the application of low-level

inference rules in order to maintain a high level of reliability. Several advantageous math-

ematical theories e.g. vector analysis, already exist.

2.3 Terms

Terms are identical to strings, used purely as symbolic terms. Terms are not only denoted

as collections of characters, but with the help of more affluent tree-structured depiction,

they are similar to an ’abstract syntax tree’. HOL’s logic is constructed on λcalculus in

which terms are assembled beginning from constants and variables by means of abstraction

and application. All mathematical and logical avowals are denoted in this identical way.

Constants and variables are most likely acquainted to the reader from an informal

knowledge of mathematics. Constants and variables are manipulated as the building-blocks

9

of terms. Any name can be assigned to variables, e.g. y, x, delta, angle. Constants, e.g. ⊥

(false),> (true) and [ ] (the empty list) are meant to be acronyms for other terms. Constants

dont include a couple of primitive ones, e.g. equality itself. Before using in the terms, its

definition is required.

Application is an application of a function to an operation used constantly in mathe-

matics, known as an argument. f(t) is the conventional syntax to apply a function f to an

argument t. Since HOL follows λ-calculus principles so it permits the parentheses to be

excluded, except they are desirable as t may be a composite term by itself.

Abstraction is, in a precise sense, a reverse operation to application. Given a variable y

and a term t, which may or may not have y, we can make the so-called lambda-abstraction

λy. t. It is read as ‘the function of y that uses t as its argument’. Abstractions are

not frequently perceived in informal mathematics, but they comprise at minimum two

merits. Firstly, variable dependencies and binding are made explicitly; in opposite to in

informal mathematics it is often written f(y) in conditions where the actual meaning is λy.

f(y). Secondly they permit the user to compose indistinctive function-valued expressions

deprived of specifying them (Usually we see y → t[y] used for this idea), and as we are

using higher order logic, it’s necessary to put functions on an equal basis with first-order

objects in this pattern.

2.4 Types

An important feature of HOL is that every term has a definite type. The type shows what

kind of mathematical object the term denotes (a set, a number, a function, etc) .If HOL is

capable to allocate a type to a term, but it is not determined exclusively, a common type

will be allocated automatically: But type annotations to subterms of compound terms can

be assigned. The importance of types is that they can sort out such ’nonsensical’ terms

from the begining, and monitor certain native constraints without unusual user assistance.

HOL, being based upon λcalculus, follows simple type theory quite closely. Every term

10

has a distinctive type which is either one of the elementary types or the result of applying a

type constructor to other types. The only elementary type in HOL is primarily the type of

booleans bool and the only type operator is the function space constructor. HOL prolongs

Church’s system by letting also ‘type variables’ which give a system of polymorphism.

Constants with polymorphic type are basic, and can have many types subsequent from

fixing the names of the type variables.

For knowledge, types are written in a concrete syntax with some type constructors like

written in x. Just as with constant and variable terms, type variables and type constants are

not separated syntactically: HOL’s parser accepts that everything whose name resembles

to a constant is a constant, and every other identifier is a variable. However, it’s customary

to use names beginning with an uppercase letter for type variables, e.g. X and Value.

2.5 Inference Rules

Inference rules are routes for developing new theorems and they are denoted as ML func-

tions. All other rules are based upon these inference rules and axioms. The rules are REFL

(Reflexivity: equality is reflexive), TRANS (Transitivity: equality is transitive), MK CON

(Make conversion: equal functions applied to equal arguments give equal results), ABS (Ab-

straction: if, without using any special properties of x, two expressions involving x are equal,

then the functions that take x to those values are equal), BETA (Beta-conversion: com-

bination and abstraction are converse operations), ASSUME (Assumption introduction:

from any p we can deduce p), EQ MP (Equality-mapping: connects equality with deduc-

tion), DEDUCT ANTISYM RULE (Deduction-antisymmetric-rule: also connects equality

and deduction), INST (Instantiation: variables are to be interpreted as schematic) and

INST TYPE (Instantiation-type: same, but for substitution of type variables rather than

term variable.

11

2.6 Theorems

In conventional formal logic, with the help of a precise set of syntactic rules to some

primary axioms, a formula is verified. In HOL Light, a similar concept is used in a more

computational arrangement. An exclusive type thm (’theorem’) is utilized for formulas that

have been, actually have been, not merely can be proved. A theorem is a formal statement

of the type of an axiom or it is supported from other formalized theorems by an inference

rule. A theorem is formed with a finite set of boolean terms Ω known as assumptions and

a boolean term S known as the conclusion. Any additonal theorem can be formed only

on the basis of already proved theorems. I this way, it will also satisfy the inference rules

mentioned above.

2.7 Theories

A HOL Light theory contains of a set of types, operators, definitions, constants, theorems

and axioms. It comprises a lot of theorems that have previously been proved from the

definitions and axioms. The HOL Light theories can be loaded to use the existing definitions

and theorems in those theories. The readiness of HOL Light theories permits the user to

use and outspread the present results without replicating the struggles that have already

been put in assembling such theories. HOL Light theories can have other existing theories

as well. For example, one of the Multivariate theory in HOL Light is geom which also

include real theory available in Multivariate also. We utilized the HOL Light theories of

Geometry, Vectors, Complex numbers, Real numbers and transcendental functions in this

thesis. One of the major inspirations of choosing the HOL Light theorem prover for our

work was to get advantage from these integrated mathematical theories.

12

2.8 Proofs in HOL Light

In HOL Light, two types of interactive proof methods are available: backward and forward.

Backward proof method is based on the model of a tactic; which is an ML function that

breakdowns goals into uncomplicated subgoals. In this method, the handler initiates with

the required theorem or the desired goal that is further breakdowns to easy subgoals using

the tactics which is a ML-function that breakdowns a goal into subgoals. A forward proof

method is the reverse of the backward or a goal directed proof method. In a forward proof,

the user initiates from the basis built-in inference rules and attempts to prove the require

goals on top of these inference rules and existing theorems. The forward proof method

is tough approach as compared to backward proof method due to its requirement all the

low level details of the proof. There are also many automatic proof assistants and proof

procedures existing in HOL Light which aids the user in leading the proof to the end.

In interactive theorem verification techniques user interacts with the proof editor of HOL

Light and till the last step of the proof, directs the necessary tactics to the prover. In HOL

Light, only a few proof steps are automatically solved by the prover whereas many others

have need of significant user interaction.

2.9 HOL Light Notations

The Table 2.1 presents the mathematical understanding of some HOL Light symbols and

functions used in this thesis. These symbolizations will be commonly seen in the formal-

ization mentioned in the coming chapters. The reason to mention these symbols here is to

get the person who reads handsomely equipped with the terms to come in this thesis.

13

Table 2.1: HOL Symbols and Functions

HOL-Light Symbol Standard Symbol Meaning∨ or Logical or∧ and Logical and∼ not Logical negation

<==> = Equality==> −→ Implication!x.t ∀x.t for all x : t?x.t ∃x.t for some x : tnum 0, 1, 2, . . . Positive Integers data typereal All Real numbers Real data typeabs x |x| Absolute functionsuc n (n+ 1) Successor of natural numberln x loge(x) Natural logarithm function

max x y max(x, y) Maximum of x and ymin x y min(x, y) Minimum of x and yinv x 1/x Inverse of xFACT n n! Factorial of nm ∗ ∗ n mn num m raised to num exponent ninv x x−1 Multiplicative inverse of a real xλx.t λx.t Function that maps x to t(x)

lim(λn.f(n)) limn→∞

f(n) Limit of a real sequence f

x|P (x) λx.P (x) Set of all x that satisfy the condition P(a, b) a x b A mathematical pair of two elements

2.10 Harrison’s Formalization of Multivariate Calcu-

lus Theories in HOL-Light

This section contains a concise overview to the already available multivariate vectors and

geometry theories in the HOL Light theorem prover so that the person who reads gets

familiar with some working awareness of the notations and definitions used in this thesis.

Moreover the purpose is to sort this thesis self-reliant and thus enable its interpretation for

a broader audience, containing both formal methods and robotics industrial communities.

14

2.10.1 Formalization of Vectors Theory

In HOL-Light, a vector having n-dimensional is denoted as Rn column matrix of real

numbers. All of the vector manipulations are then treated as matrix operations. Using this

reprsentation, vectors can be denoted by the data-type R2 for a proof in plane geometry,

i.e, a column matrix containing two elements [11]. In the formalization of vectors, the

first real number indicates the first (horizontal) component and the second real number

symbolizes the second (vertical) component of the corresponding point of which the location

is described by the vector. Some of the important definitions related to vectors are given

as follows:

Definition 1: Vectors Addition

` x + y = lambda i. x$i + y$i

Addition and similar pointwise operations are defined according to the above pattern. Note

that we overload the usual arithmetic symbols like +, but that the underlying constant on

the left is actually vector add (:realˆN→ realˆN→ realˆN), whereas the + on the right is

the usual addition of real numbers[11]. The notation x$i represents the $ith$ component

of a vector x.

Definition 2: Vector Scalar Multiplication

` c % x = lambda i. c * x $i

Any scalar number c can be multiplied with vector such that each component of the vec-

tor is separately multiplied by the scalar. Here on the left % operator is used which is used

to multiply a scalar number to with the vector but on the right is the usual multiplication

of two real numbers.

Definition 3: Vector Corresponding to small Natural Numbers

` vec n = lambda i. & n

15

The above mentioned definition in an inoculation from natural numbers, advantageous

to indicate the null vector by vec 0.

Definition 4: Dot Product of Vectors

` (x:real^ N) dot (y:real^ N) =

sum(1..dimindex(UNIV:N→bool)) (λ i. x$i * y$i)

One of the interesting definitions is the scalar (dot) or inner product. We showed here

it with the suitable type explanations. In informal mathematics, a very close definition to

it is written as x · y = Σ i=1n xiyi. The difference between two definitions is that in our

formal definition N is a type, we have to change it to a number by using dimindex to its

universe set.

In the definition mentioned above, norm is utilised representing the normalization of a

vector. The magnitude of vector is usually described using it. In HOL-Light [11], norm

has been formalised as follows:

Definition 5: Vector Norm

` norm x = sqrt (x dot x)

where sqrt in the HOL-Light is used to represent square root function for real numbers.

The corresponding distance function is utilised in our formalization to model robotic

arm. In HOL-Light dist (distance function) is formalized as follows:

Definition 6: Distance Function

` dist (x,y) = norm (x - y)

The function dist accepts two numbers of type real N and give the distance between them

using the norm function defined above.

Definition 7: Orthogonality

` orthogonal x y ⇔ (x dot y = & 0)

16

This definition states that the two vectors will be perpendicular to each other if and

only if their dot product is zero. It is obvious from our basic knowledge that cosθ becomes

zero when the angle θ is 90o. This is very much helpful in order to show the orthogonality

of cartesian coordinate system reference axis.

2.10.2 Formalization of Geometry Theory

Geometry is particularly rich in WLOG principles, perhaps reflecting the fundamental im-

portance in geometry of property-preserving transformations. The modern view of geome-

try has been heavily influenced by Kleins Erlanger Programm, which emphasizes the role

of transformations and invariance under classes of transformations, while modern physical

theories usually regard conservation laws as manifestations of invariance properties: the

conservation of angular momentum arises from invariance under rotations, while conser-

vation of energy arises from invariance under shifts in time, and so on. One of the most

important ways in which such invariances are used in proofs is to make a convenient choice

of coordinate system. In our formulation of Robotics Kinematics in HOL Light, geometric

concepts are all defined in analytic terms using vectors, which in turn are expressed with

respect to a standard coordinate basis [12]. For example, the angle formed by three points

is defined in terms of the angle between two vectors:

Definition 1: Angle

` angle (a,b,c) = vector angle (a - b) (c - b)

which is defined in terms of norms and dot products using the inverse cosine function acs

(degenerating to π/2 if either vector is zero):

Definition 2: Vector Angle

` vector angle x y =

if x = vec 0 then pi / &2

else acs ((x dot y) / (norm x) * (norm y))

17

where norms are defined in terms of dot products as described above. In some situations

assume that we need the sum of angles of a triangle which we know that from basic geometry,

is π radians (180 degrees):

Theorem 1: Angles of a Triangle

` ∀ A B C. ∼ (A = B ∧ B = C ∧ C = A)

⇒ angle (B,A,C) + angle (A,B,C) + angle (B,C,A) = π

The entry corresponding to angle based on the translation is very useful also described

as:

Theorem 2: Angle Translation

` ∀ a b c d. angle (a + b,a + c,a + d) = angle (b,c,d)

18

Chapter 3

Kinematic Analysis of Two-Link

Planar Manipulator

A robot manipulator is composed of a set of links connected together by various joints.

The joints can either be very simple, such as a revolute joint or a prismatic joint, or else

they can be more complex, such as a ball and socket joint. The difference between the

two situations is that, in the first instance, the joint has only a single degree-of-freedom

of motion: the angle of rotation in the case of a revolute joint, and the amount of linear

displacement in the case of a prismatic joint. In contrast, a ball and socket joint has two

degrees-of-freedom[28] [18].

The kinematics is the study of the robot’s movements verse a reference system. It is

an analytic description of the spatial movement of the robot. The kinematics of a robot

manipulator describes the relationship between the motion of the joints of the manipulator

and the resulting motion of the rigid bodies which form the robot. It is a function of time

and a relationship, between the position and the orientation (localization) of the robot’s

final link and the values of their joint coordinates. A two-link manipulator [28], depicted in

Figure 1, has two rotary degrees of freedom (DOF) in the same plane. In kinematic analysis

of this system, we are mainly interested in the trajectory planning of the end-effector (tip)

of the manipulator. In order to bring the end-effector from its initial Cartesian position to

an arbitrary point in the Cartesian space, we need to find its relationships with the joint

angles, i.e., θ1 and θ2. This can be done in two ways, i.e. forward or inverse kinematics.

This chapter gives a description of the kinematics for a general two degree of freedom,

two-link planar robot manipulator using the tool presented in Chapter 2.

19

01

02

1

2

c

y

x0x

0

y

1x

1y

2x

2y

Figure 3.1: Kinematic Diagram a Two-Link Planar Manipulator

3.1 Forward Kinematics

The forward kinematics of a robot determines the configuration of the end-effector (the

gripper or tool mounted on the end of the robot) given the relative configurations of each

pair of adjacent links of the robot[18].

In this section we develop the forward or configuration kinematic equations for rigid

robots. The forward kinematics problem is concerned with the relationship between the

individual joints of the robot manipulator and the position and orientation of the tool or

end-effector[28]. Stated more formally, the forward kinematics problem is to determine

the position and orientation of the end-effector, given the values for the joint variables of

the robot. The joint variables are the angles between the links in the case of revolute or

rotational joints, and the link extension in the case of prismatic or sliding joints [28]. The

forward kinematics problem is to be contrasted with the inverse kinematics problem, which

will be studied in the next section[18].

A robot manipulator with n joints will have n + 1 links, since each joint connects two

links. We number the joints from 1 to n, and we number the links from 0 to n, starting

from the base. By this convention, joint i connects link i 1 to link i. We will consider

the location of joint i to be fixed with respect to link i 1. When joint i is actuated, link

20

i moves. Therefore, link 0 (the first link) is fixed, and does not move when the joints are

actuated. Of course the robot manipulator could itself be mobile (e.g., it could be mounted

on a mobile platform or on an autonomous vehicle)[28]. To perform the kinematic analysis,

we rigidly attach a coordinate frame to each link. In particular, we attach oixiyizi to link

i. This means that, whatever motion the robot executes, the coordinates of each point on

link i are constant when expressed in the ith coordinate frame. Furthermore, when joint

i is actuated, link i and its attached frame, oixiyizi, experience a resulting motion. The

frame ooxoyozo, which is attached to the robot base, is referred to as the inertial frame[18].

There are two types of coordinates that are useful for describing the configuration of

the system. If we focus our attention on the task and the end effector, we would prefer

to use Cartesian coordinates or end effector coordinates. The set of all such coordinates

is generally referred to as the Cartesian space or end effector space11. The other set of

coordinates is the so called joint coordinates that is useful for describing the configuration

of the mechanical lnkage. The set of all such coordinates is generally called the joint

space. In robotics, it is often necessary to be able to map joint coordinates to end effector

coordinates. This map or the procedure used to obtain end effector coordinates from joint

coordinates is called direct kinematics[28].

The forward kinematics is the problem of determining the Cartesian position of the

end-effector of the manipulator in terms of the joint angles. This is not a straightforward

task due to the presence of multiple coordinate frames, i.e., (x0, y0), (x1, y1) and (x2, y2).

It is customary to resolve this issue by establishing a fixed coordinate system, usually

referred to as the world or base frame, to which all objects, including the manipulator, can

be referenced from. Mostly, this base coordinate frame is established at the origin of the

manipulator. The Cartesian coordinates (x, y) of the end effector can now be expressed in

this coordinate frame as [28]

x = α1 cos θ1 + α2 cos(θ1 + θ2) (3.1)

21

y = α1 sin θ1 + α2 sin(θ1 + θ2) (3.2)

where α1 and α2 are the lengths of the two links, respectively.

3.2 Inverse Kinematics

The analysis or procedure that is used to compute the joint coordinates for a given set of end

effector coordinates is called inverse kinematics. Basically, this procedure involves solving

a set of equations. However the equations are, in general, nonlinear and complex, and

therefore, the inverse kinematics analysis can become quite involved. Also, as mentioned

earlier, even if it is possible to solve the nonlinear equations, uniqueness is not guaranteed.

There may not (and in general, will not) be a unique12 set of joint coordinates for the given

end effector coordinates[28].

We now consider the inverse kinematics problem: given a desired configuration for the

tool frame, find joint angles which achieve that configuration.

Inverse kinematics allows us to find the joint angles, θ1 and θ2, in terms of the position

of the end-effector of the manipulator. The law of Cosines provides us with the following

relationship for the angle θ2

cos θ2 =(x2 + y2 − α2

1 − α22)

2α1α2

:= D (3.3)

If the desired Cartesian position coordinates (x, y) lie within the range of the manipu-

lator’s end-effector and the two links do not have to be fully extended to reach this point,

then there are two different ways, i.e., elbow-up and elbow-down, in which the end-effector

can reach the desired position, as shown in Figure 2. So, instead of obtaining θ2 from the

above equation, which does not distinguish between these two cases, we use the following

relationships:

sin θ2 = ±√

1−D2 (3.4)

22

Elbow Up

Elbow Down

Figure 3.2: Two solutions for Inverse Kinematics

θ2 = tan−1(±√

1−D2

D) (3.5)

This way, both the elbow-up and elbow-down solutions can be obtained by choosing either

the positive or the negative sign in Equation (5). Now θ1 can be found in terms of θ2 as

follows:

θ1 = tan−1(y

x)− tan−1(

α2 sin θ2α1 + α2 cos θ2

) (3.6)

The main contribution of this thesis is the formalization of the two-link planar manipu-

lator in higher-order logic and the formal verification of the above mentioned equations in

HOL-Light. The availability of this formalization will greatly minimize the human interac-

tion required in formal reasoning about kinematic analysis of real-world robotic applications

in HOL-Light.

In solving an inverse kinematics problem, one first divides the problem into specific

subproblems, such as solving for 2 given r and then using 1 to rotate the end-effector to

the proper position. Each subproblem may have zero, one, or many solutions depending

on the desired end-effector location. If the configuration is outside of the workspace of the

manipulator, then no solution can exist and one of the subproblems must fail to have a

solution (consider what happens if r ¿ l1 + l2 in the example above). Multiple solutions

occur when the desired configuration is within the workspace but there are multiple joint

23

configurations which all map to the same end-effector location. If a subproblem gener-

ates multiple solutions, then we must complete the solution procedure for all joint angles

generated by the subproblem[18].

Traditionally, inverse kinematics solutions are separated into classes: closed-form solu-

tions and numerical solutions. Closed-form solutions, such as the one given above, allow

for fast and efficient calculation of the joint angles which give a desired end-effector con-

figuration. Numerical solutions rely on an interactive procedure to solve equation (3.15).

Most industrial manipulators have closed-form solutions. These solutions are obtained in a

manner similar to that described above: using geometric and algebraic identities, solve the

set of nonlinear, coupled, algebraic equations which define the inverse kinematics problem

[18].

24

Chapter 4

Formalization of Kinematic Analysis

in HOL Light

We formalized the two-link manipulator, depicted in Figure 1, in the Cartesian plane as

the following higher-order-logic function in HOL-Light

Definition 1: Two Link Manipulator

` ∀ A B. tl manipulator A B = A + B

The function tl manipulator accepts two vectors A and B of data type (real2), which

represent the two links of the two-link manipulator, and returns their vectored sum, which

is indeed the Cartesian position of the corresponding end-effector. By default, the common

base frame of the two vectors is oriented at the origin. It is important to note that 2-

dimensional vectors are used for the two links because of the planar nature of the mechanical

system under consideration.

The two links of a general planar manipular with revolute joints can have both anti-

clockwise and clockwise rotations. In the context of the formal verification of the equations,

presented in the previous section, it is very important to have a formal mechanism to dis-

tinguish between these two kinds of rotations. For this purpose, the following HOL-light

predicate with data-type (real2 → real2 → real2 → bool) is used:

Definition 2: Anticlockwise

` ∀ B A D. anticlockwise D (A,B) <=> 0 ≤ Im (B−DA−D)

where Im represents the HOL-Light function that returns the imaginary part of a complex

number or the y-component of a two-dimensional vector in the Cartesian plane. The

25

predicate anticlockwise accepts three arbitrary points, A , B and D, in the Cartesian

plane and returns True if the angle from DB to DA is considered in the anticlockwise

direction.

A very interesting property, in the context of our verification, is the following addition

relationship between three anticlockwise angles:

Theorem 1: Anticlockwise Angle Addition

` ∀ A B C D. ∼(collinear D, A, B) ∧ ∼(C = D) ∧

anticlockwise D (A,C) ∧

anticlockwise D (C,B) ∧

anticlockwise D (A,B) ⇒

angle (A,D,B) = angle (A,D,C) + angle (C,D,B)

where A, B, C and D represent four points in the Cartesian plane. The predicate collinear

accepts three points and returns True if all these three are collinear, i.e., they lie on a

single straight line. Whereas, the function angle accepts three points (X,Y,Z) and returns

the angle between the vectors XY and ZY.

Based on the fact that the main scope of the presented work is to build formal reasoning

support for kinematic analysis in the plane geometry, we can work with a formal definition

of a two dimensional angle. This choice simplifies our proofs considerably compared to

the case if we had used the generic definition of an angle between n-dimensional vectors.

The angle between two 2-dimensional vectors can be formally defined in terms of the angle

between two n-dimensional vectors (angle) as follows:

Definition 3: Two Dimensional Angle

` ∀ A B C. TDangle (A,B,C) =

plus minus (anticlockwise B (A,C)) * angle (A,B,C)

where the function plus minus accepts a condition C and returns 1 if C is true and -1

otherwise.

26

Definition 4: Plus-Minus

` ∀ plus minus C = (if C then 1 else -1)

The the sign of the angle between two 2-dimensional vectors can be determined based on

the angle of rotation between them.

4.1 Forward Kinematics

Now, we utilize the above mentioned definitions and theorem to formally verify the forward

kinematic relationships, given in Equations (1) and (2). The verification of these equations

is not very straightforward since all the possible scenarios for the link positions have to be

considered for establishing a formal proof of the forward kinematic analysis. For example,

both the links can be in the first quadrant of the Cartesian plane, as depicted in Figure 1,

or one of them may lie in the first quadrant while the other one is in the third quadrant of

the Cartesian plane. Our main motivation here is to verify generic theorems for kinematic

analysis so that they can be used to reason about all possible scenarios.

We proceed in this direction by verifying two sub-theorems for the relationship, given

in Equation (1). The first part deals with the situation when the first link lies in the upper

half of the Cartesian plane while the second link and the end effector may lie any where in

the Cartesian plane.

Theorem 2: X-Component with the First Link in the Upper Half Plane

` ∀ A B. ∼(A = vec 0) ∧ ∼(B = vec 0) ∧

anticlockwise (vec 0) (A,B) ∧

anticlockwise (vec 0) (basis 1,A) ⇒

(tl manipulator A B)$1 =

norm (A) * cos (vector angle (basis 1) A) +

norm (B) * cos (vector angle A B + vector angle (basis 1) A)

where A and B are the vectors representing the two links of the manipulator under con-

27

sideration. The first two assumptions are used to avoid mathematical singularities. The

third assumption ensures that the angle from the vector OB to OA, where O represents the

origin (0,0) of the base frame, is taken in the anticlockwise direction, as the function vec

converts 0 to its corresponding null vector. The fourth assumption, i.e., anticlockwise

(vec 0) (basis 1,A), ensures that the vector A lies in the upper half of the Cartesian

plane, i.e., in the first or second quadrant, since a point P (x, y) in the Cartesian plane can

be considered equivalent to the point in the complex-plane with x as its real part and y

as its imaginary part. It is important to note that the allowable range of any angle in the

geometry theory of Hol-Light is [0, π]. The conclusion of Theorem 2 represents Equation

(1) in HOL-Light, since X$1 represents the first components of a two-dimensional vector

X, the function norm accepts a vector and returns its corresponding norm or magnitude,

the function vector angle returns the angle between its two argument vectors and the

function basis 1 returns a vector with magnitude 1 in the x direction only and thus the

angle (vector angle (basis 1) A) represents the angle of the vector A with the x-axis.

The proof of Theorem 2 was done by splitting the main goal into eight subgoals, i.e., four

corresponding to the cases where the first link is in the first quadrant and the end-effector

is in one of the four quadrants one by one and the four corresponding to the case where

the first link is in the second quadrant and the end-effector is in one of the four quadrants

one by one. Some of these cases were verified based on contradiction while the rest were

primarily verified based on Theorem 1 along with vector and geometry theoretic reasoning.

Now we consider the second case when the first link lies in the lower half of the Cartesian

plane while the end effector may lie any where in the Cartesian plane. The corresponding

HOL-Light theorem can be expressed as follows:

Theorem 3: X-Component with the First Link in the Lower Half Plane

` ∀ A B. ∼(A = vec 0) ∧ ∼(B = vec 0) ∧

anticlockwise (vec 0) (A,B) ∧

∼(anticlockwise (vec 0) (basis 1,A)) ⇒

(tl manipulator A B)$1 =

28

norm (A) * cos (vector angle (basis 1) A) +

norm (B) * cos (vector angle A B - vector angle (basis 1) A)

The only different assumption in this case is ∼(anticlockwise (vec 0) (basis 1,A)),

which ensures that the vector A lies in the lower half of the Cartesian plane, i.e., in the

third or fourth quadrant. Now, Theorems 2 and 3 along with their counterparts with

the assumption ∼(anticlockwise (vec 0) (A,B)) can be utilized to verify the following

theorem that covers all the possible cases for forward kinematic analysis of the x-component

of the two-link manipulator (Equation 1)

Theorem 4: X-Component of the Two-Link Manipulator

` ∀ A B. ∼(A = vec 0) ∧ ∼(B = vec 0) ⇒

(tl manipulator A B)$1 =

norm (A) * cos (TDangle (basis 1,vec 0,A)) +

norm (B) * cos (TDangle (A,vec 0,B) +

TDangle (basis 1,vec 0,A))

In a similar way, we also formally verified the forward kinematic equation for the y-

component of the two-link manipulator (Equation 2) as follows:

Theorem 5: Y-Component of the Two-Link Manipulator

` ∀ A B. ∼(A = vec 0) ∧ ∼(B = vec 0) ⇒

(tl manipulator A B)$2 =

norm (A) * sin (TDangle (basis 1,vec 0,A)) +

norm (B) * sin (TDangle (A,vec 0,B) +

TDangle (basis 1,vec 0,A))

A distinguishing characteristic of Theorems 4 and 5 is the presence of the function

TDangle, which provides us with the exact information about the sign of the corresponding

angle based on the placement of the two links in the Cartesian plane. This fact plays a very

critical role in obtaining the right set of analysis assumptions, as will be seen in Chapter 5

of this thesis.

29

4.2 Inverse Kinematics

In this subsection, we formally verify the expressions for joint angles in terms of the Carte-

sian position of the end-effector. The expression for the angle θ2, which is the phase angle

of the second link with respect to the reference frame of the first link of the two-link manip-

ulator, as shown of Figure 1, can be verified in three main steps corresponding to Equations

(3), (4) and (5). We verified the expression, given in Equation (3), as the following theorem,

Theorem 6: Cos θ2

` ∀ A B. ∼(A = vec 0) ∧ ∼(B = vec 0) ∧ ∼(A + B = vec 0) ⇒

cos (vector angle A B) =

((((tl manipulator A B)$1) pow 2) +

(((tl manipulator A B)$2) pow 2) - (norm (A) pow 2) -

(norm (B) pow 2)) / (2 * norm (A) * norm (B))

where A and B are the vectors representing the two links of the manipulator under con-

sideration. Besides the vectors A and B being non-null, their sum is also assumed to be

non-null in this theorem. This assumption is used to make sure that we do not have the

case where both the vectors are equal in magnitude but opposite in direction. Based on our

formal definition of the two link manipulator, (tl manilpulator A B)$1 represents the x-

coordinate and (tl manilpulator A B)$2 represents the y-coordinate of the end-effector.

The function pow is used for real power in HOL-Light. The proof of the above theorem

was primarily based on the Law of Cosines, which is available in the geometry theory of

HOL-Light.

Similarly, the expression of Equation (4) can be verified as the following theorem:

Theorem 7: Sin θ2

` ∀ A B. sin (vector angle A B) =

sqrt(1 - cos (vector angle A B) pow 2)

30

where sqrt represents the HOL-Light function for square root. The proof of this theorem

was also primarily based on some geometry theoretic reasoning and the existing theorems

of the HOL-Light geometry theory were very helpful in this regard. Theorems 6 and 7 can

now be used to verify our final results, i.e. Equation (5), as the following theorem.

Theorem 8: θ2

` ∀ A B. ∼(A = vec 0) ∧ ∼(B = vec 0) ∧ ∼(A + B = vec 0) ⇒

vector angle A B =

atn ((sqrt (1 - (cos (vector angle A B) pow 2))) /

cos (vector angle A B))

where atn represent the arc-tangent function in HOL-Light. The proof scripts for the

definitions and theorems, presented in this section, is available at [3] and is composed

of approximately 15,000 lines of code, which took about 700 man-hours of development

time by a new HOL-Light user. The development time includes the time spent to learn

the art of formal reasoning and to understand the definitions and theorems available in

the multivariate and geometry theories of HOL-Light. We found the generic nature of

the geometry theory, formalized in HOL-Light, very useful since most of the commonly

used results can be found there and thus directly used. A significant portion of our proof

script is composed of mapping between Cartesian to Polar coordinate system, which was

required because of the referencing to the base frame for both links of the manipulator.

These mappings had to be interactively done because of the different parameters and thus

conditions involved. Moreover, in all the proofs we had to handle the placement of the links

in each quadrant separately, which also required a considerable amount of human guidance.

The main benefit of the formalization, presented in this section, is that it can be built

upon to model robotic structure and perform the kinematic analysis or formalize other

kinematic analysis related foundations, which will in turn enhance the capabilities of the

proposed formal kinematic analysis approach. To demonstrate the utilization and practical

effectiveness of our results, we utilize them next to conduct the formal kinematic analysis

31

of a biped robot.

32

Chapter 5

Application: Biped Robot

A biped robot [16] can be simply defined as a two-legged walking robot. The biped robots

usually exhibit human-like mobility and have found to be more efficient than the conven-

tional wheeled robots for maneuvering fields with ladders, stairs, and uneven surfaces. The

design and analysis of efficient biped robotic systems has attracted the attention of many

researchers and it has been used as a classical case study for many domains in robotics,

which is the main reason why we have also chosen to use it as an application to demonstrate

the effectiveness of the proposed formal kinematic analysis approach.

The biped robot, depicted in Figure 3, consists of five links, namely the torso (l3),

and the upper legs (thighs), i.e, l2 and l4, and the lower legs, i.e., l1 and l5. These links

are connected via four rotating joints (two hip and two knee), which are considered to be

friction free and each one is driven by an independent DC motor. The two hip joints can

be considered as one joint as the effect of forces is ignored while conducting the kinematic

analysis.

The first step in the proposed formal kinematic analysis approach is to construct a

formal model of the given system in higher-order logic. The definition of the two-link

manipulator plays a vital role in this regard as it can be used to model most of the robot

manipulators. The given biped robot can be formalized as a two-link planar manipulator

where each link is itself a two-link planar manipulator, since both of the legs always move

in the same plane:

Definition 5: Biped Robot

` ∀ A B C D. biped A B C D =

tl manipulator (tl manipulator A B) (tl manipulator C D)

33

I1

xo

yo

O

I1C

os

01

I2C

os

0

I2

I3

I4

I5

I4C

os

04

I5C

os

05

2

I1Sin01 I2Sin02 I4Sin04 I5Sin05

01

02

03

04

05

(xe, ye)

(xb, yb)

Figure 5.1: Biped Robot

It is important to note that only four out of the five links are considered in the above

definition. The reason being that these four links are the ones that can alter the dexterity

and precision of the biped robot. Moreover, the point (xb, yb) of Figure 3 has been taken

as the origin (0, 0) in our formalization.

The next step in the proposed kinematic analysis approach is to formalize the properties

of interest as higher-order-logic proof goals. In the case of the biped robot, we are interested

in verifying the forward kinematic equations:

xe = xb + l1 sin θ1 + l2 sin θ2 + l4 sin θ4 + l5 sin θ5 (5.1)

ye = yb + l1 cos θ1 + l2 cos θ2 − l4 cos θ4 − l5 cos θ5 (5.2)

corresponding to the x and y components of leg l5 of the biped robot, which have been

verified using paper-and-pencil proof method in [16]. Besides formalizing these equations,

we also need to mention the required assumptions in the proof goals but it is often the

case that all the assumptions are not known upfront and we only add the obvious ones.

34

However, the subgoals generated during the proof process provide very useful hints for

identifying any missing assumptions, which may be added to the goal after confirmation

from the mechanical designers. This way, we verified Equation (7) as the following theorem.

Theorem 9: x-component of the Biped Robot

` ∀ l1 l2 l4 l5.

∼(l1 = vec 0) ∧ ∼(l2 = vec 0) ∧ ∼(l4 = vec 0) ∧ ∼(l5 = vec 0) ∧

anticlockwise (vec 0) (l1,l2) ∧ anticlockwise (vec 0) (l5,l4) ∧

anticlockwise (vec 0) (basis 1,11) ∧

anticlockwise (vec 0) (l1,basis 2) ∧

anticlockwise (vec 0) (basis 1,l2) ∧

anticlockwise (vec 0) (l2,basis 2) ∧

anticlockwise (vec 0) (basis 1,l5) ∧

anticlockwise (vec 0) (basis 2,l5) ∧

anticlockwise (vec 0) (basis 2,l4) ∧

∼ collinear basis 1, vec 0, l5 ∧

∼ collinear basis 1, vec 0, l2 ∧

∼ collinear basis 2, vec 0, l4 ⇒

(biped l1 l2 l4 l5)$1 =

norm (l1) * sin (vector angle (basis 2) l1) +

norm (l2) * sin (vector angle (basis 2) l2) -

norm (l4) * sin (vector angle (basis 2) l4) -

norm (l5) * sin (vector angle (basis 2) l5)

where basis 2 represents the y-axis of the Cartesian plane. The first four assumptions

assure that all of the links must have non-zero lengths. The next two provide the angle

measuring conventions between the links of each leg while the next eight assumptions

provide the orientations of the angles, given in Figure 3, under which we are interested in

analyzing the biped robot. For example, the assumptions anticlockwise (vec 0) (basis

35

1,11) and anticlockwise (vec 0) (l1,basis 2) ensure that the angle θ1 of leg l1 of

the robot is considered in the clockwise direction from the x-axis of the base frame and in

the anticlockwise direction with the y-axis of the base frame, or in other words that θ1 lies

in the first quadrant. All of the above mentioned assumptions are obvious and were used

while defining the proof goal. While the next three, involving the function collinear are

not so straightforward and thus were not known before the formal verification of the above

theorem. These assumptions assure that the legs l5 and l2 cannot completely align with

the x-axis of the base frame and the leg l4 cannot align with the y-axis of the base frame.

These three assumptions were identified during the formal verification process of Theorem

9 in HOL-Light. These assumptions constitute an essential requirement for Equation (7)

to hold and interestingly were not mentioned in the paper-and-pencil based proof of that

equation given in [16]. The conclusion of Theorem 9 represents the statement of Equation

(7) but instead of having all positive terms added together, as is the case in Equation (7),

has the addition of two positive and two negative terms. Upon noticing this difference,

we double checked our formalization and assumptions but everything was found to be

consistent with the kinematic diagram of the biped robot, given in Figure (3), which was

also the starting point of the paper-and-pencil proof method based kinematic analysis of

the biped robot from where Equation (7) was verified [16]. Upon further investigation, we

found Equation (7) to be erroneous. The problem may be an outcome of a human error

during the paper-and-pencil based analysis or it may have occurred because of an incorrect

swapping of the signs of the terms of Equations (7) and (8) in the original paper [16] as

we also found a discrepancy in Equation (8), which has been correctly verified under the

same assumptions as follows:

Theorem 10: y-component of the Biped Robot

` ∀ l1 l2 l4 l5.

∼(l1 = vec 0) ∧ ∼(l2 = vec 0) ∧ ∼(l4 = vec 0) ∧ ∼(l5 = vec 0) ∧

anticlockwise (vec 0) (l1,l2) ∧ anticlockwise (vec 0) (l5,l4) ∧

anticlockwise (vec 0) (basis 1,11) ∧

36

anticlockwise (vec 0) (l1,basis 2) ∧

anticlockwise (vec 0) (basis 1,l2) ∧

anticlockwise (vec 0) (l2,basis 2) ∧

anticlockwise (vec 0) (basis 1,l5) ∧

anticlockwise (vec 0) (basis 2,l5) ∧

anticlockwise (vec 0) (basis 2,l4) ∧

∼ collinear basis 1, vec 0, l5 ∧

∼ collinear basis 1, vec 0, l2 ∧

∼ collinear basis 2, vec 0, l4 ⇒

(biped l1 l2 l4 l5)$2 =

norm (l1) * cos (vector angle (basis 2) l1) +

norm (l2) * cos (vector angle (basis 2) l2) +

norm (l4) * cos (vector angle (basis 2) l4) +

norm (l5) * cos (vector angle (basis 2) l5)

Nonetheless, the identification of the problem identifies the dire need of a sound analy-

sis technique in the domain of kinematic analysis of robotic applications, which is quite

cumbersome and thus prone to human errors if done using paper-and-pencil proof method

because of the consideration of all the possible scenarios. The proofs of Theorems 9 and 10

were awfully uncomplicated and mainly based on Theorems 5 and 6 and the proof script

comprises of almost 200 lines of code [3], which undoubtedly shows the worth of our work

in the formal kinematic analysis of everyday life applications.

It is important to note that, besides the identification of a bug in the paper-and-pencil

based proof method of kinematic analysis of the biped robot, another distinguishing feature

of the above theorems, when compared with the corresponding equations verified by paper-

and-pencil proof methods [16], is the exhaustive set of assumptions that accompany them.

Paper-and-pencil proof methods, simulation and numerical method based approach cannot

ascertain the explicit availability of all of the required assumptions for the analysis even

though failing to abide by any one of these assumptions may lead to erroneous system

37

designs, which in turn even result in disastrous consequences in the case of safety-critical

systems. On the other hand, given the intrinsic soundness of theorem proving, all the

required assumptions are always guaranteed to be available along with the formally verified

proofs.

38

Chapter 6

Conclusions and Future Work

This thesis advocates the usage of higher-order-logic theorem proving for kinematic analysis,

which is an essential design step for all robotic manipulators. Due to the high expressiveness

of the underlying logic, we can formally model the geometrical relationships between the

mechanical links and joints in their true form, i.e., without compromising on the precision

of the model. Similarly, the inherent soundness of theorem proving guarantees correctness

of analysis and ensures the availability of all pre-conditions of the analysis as assumptions

of the formally verified theorems. To the best of our knowledge, these features have not

been shared by any other existing computer-based kinematic analysis technique and thus

the proposed approach can be very useful for the kinematic analysis of safety-critical robots.

The main challenge in the proposed approach is the enormous amount of user inter-

vention required due to the undecidable nature of the logic. We propose to overcome

this limitation by formalizing kinematic analysis foundations and verifying their associated

properties. As a first step towards this direction, this thesis presents the formalization of

forward and inverse kinematic analysis of a two-link planar manipulator, which can be built

upon to model many practically used robotic manipulators. Based on this work, we are able

to conduct the formal kinematic analysis of a biped robot in a very straightforward way.

The formal analysis highlighted some of the key missing assumptions in the corresponding

paper-and-pencil based analysis of the same problem [16], which clearly indicates the dire

need of using sound methods for kinematic analysis and usefulness of the ideas presented

in this thesis.

This thesis opens the doors towards a novel and promising usage of theorem proving.

The formal kinematic analysis of many other safety-critical robots can be performed. A

39

classical example would be the widely used Selective Compliant Assembly Robot Arm

(SCARA) [4]. Formal reasoning support for other motion related parameters, such as

displacement, rotation, speed, velocity and acceleration, may also be developed by using

our results along with the topological and analytic foundations for vectors available in

Hol-Light. By extending our coordinate frame from 2D to 3D, we are also working on the

formal verification of the Denavit Hartenberg (DH) parameters [6], which are based on the

convention of attaching the coordinate frame to spatial linkages. This verification will pave

the way for conducting the formal kinematic analysis for a much wider range of robotic

applications.

40

References

[1] J. Avigad, E. Dean, and J. Mumma. A Formal System for Euclid’s Elements. Review

of Symbolic Logic, 2(4):700–768, 2009.

[2] B. Becker, L. Cardelli, H. Hermanns, and S. Tahar. Abstracts collection. In Ver-

ification over Discrete-Continuous Boundaries, number 10271 in Dagstuhl Seminar

Proceedings. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany, 2010.

[3] M. Binyameen. Formal Kinematic Analysis of the Two-Link Planar Manipulator using

HOL-Light. http://save.seecs.nust.edu.pk/students/binyameen/tlpm.html, 2013.

[4] N. Chivarov and V. Galabov. Kinematics of Scara Robots. Problems of Engineering

Cybernetics and Robotics, pages 51–59, 2008.

[5] A. Church. A Formulation of the Simple Theory of Types. Journal of Symbolic Logic,

5:56–68, 1940.

[6] J. Denavit and R. S. Hartenberg. A Kinematic Notation for Lower-Pair Mechanisms

based on Matrices. Trans. ASME Journal of Applied Mechanics, 23:215–221, 1955.

[7] J. M. Esposito and K. Moonzoo. Using Formal Modeling with an Automated Analysis

Tool to Design and Parametrically Analyze a Multirobot Coordination Protocol: A

Case Study. Systems, Man and Cybernetics, Part A: Systems and Humans, IEEE

Transactions on, 37(3):285 –297, 2007.

[8] Binyameen Farooq, Osman Hasan, and Sohail Iqbal. Formal kinematic analysis of the

two-link planar manipulator. In ICFEM, pages 347–362, 2013.

[9] L. Fryziel, G. Fried, K. Djouani, S. Iqbal, and Y. Amirat. A Kinematic Analysis for

a Hybrid Continuum Active Catheter. Le Grand Bornand, France, 2008. Proceed-

41

ings oh the 7th France-Japon congress 5th Europe-Asia congress on Mechatronics

(MECHATRONICS 2008).

[10] S. Haddadin, A. Albu-Schaffer, and G. Hirzinger. Requirements for Safe Robots:

Measurements, Analysis and New Insights. International Journal of Robotics Research,

28(11-12):1507–1527, 2009.

[11] J. Harrison. The HOL Light Theory of Euclidean Space. Automated Reasoning,

50(2):173–190, 2013.

[12] John Harrison. Without loss of generality. In TPHOLs, pages 43–59, 2009.

[13] Osman Hasan and Sofiene Tahar. Probabilistic analysis of wireless systems using

theorem proving. Electr. Notes Theor. Comput. Sci., 242(2):43–58, 2009.

[14] Y. Hurmuzlu, F.Ganot, and B. Brogliato. Modeling, Stability and Control of Biped

Robots: general framework. Automatica, 10, 2004.

[15] S. Iqbal, S. Mohammed, and Y. Amirat. A Guaranteed Approach for Kinematic

Analysis of Continuum Robot Based Catheter. In Robotics and Biomimetics, pages

1573–1578, 2009.

[16] H. K. Lum, M. Zirbi, and Y.C. Soh. Planning and Control of a Biped Robot. Inter-

national Journal of Engineering Science, 37:1319–1349, 1999.

[17] J.P. Merlet. A Formal Numerical Approach for Robust In-Workspace Singularity

Detection. IEEE Transactions on Robotics, 23:393–402, 2007.

[18] Richard M. Murray, Zexiang Li, and Shankar Sastry. A mathematical introduction to

robotics manipulation. CRC Press, 1994.

[19] D. Myszka. Machines and Mechanisms: Applied Kinematic Analysis. Prentice Hall,

4/e edition, 2011.

42

[20] L. C. Paulson. ML for the Working Programmer. Cambridge University Press, 1996.

[21] D. Petrovic and F. Maric. Formalizing Analytic Geometries. In Automated Deduction

in Geometry, 2012.

[22] T.M. Pham, Y. Bertot, and J. Narboux. A Coq-based Library for Interactive and

Automated Theorem Proving in Plane Geometry. In Computational Science and

Its Applications, volume 6785 of Lecture Notes in Computer Science, pages 368–383.

Springer-Verlag, 2011.

[23] M. Proetzsch, K. Berns, T. Schuele, and K. Schneider. Formal Verification of Safety

Behaviours of the Outdoor Robot RAVON. In Informatics in Control, Automation

and Robotics, pages 157–164, 2007.

[24] J. Ras and A.M.K.Cheng. On Formal Verification of Toyota’s Electronic Throttle

Controller. In Systems Conference (SysCon), 2011.

[25] B.E. Shores and M.A. Minor. Design, Kinematic Analysis, and Quasi-steady Control

of a Morphic Rolling Disk Biped Climbing Robot. In Robotics and Automation, pages

2721–2726, 2005.

[26] C. Sloth. Formal Verification of Continuous Systems. PhD thesis, Aalborg University,

2013.

[27] C. Sloth and R. Wisniewski. Abstractions for Mechanical Systems. IFAC Workshop

Series, pages 96–101, 2012.

[28] M. W. Spong, S. Hutchinson, and M. Vidyasagar. Robot Modeling and Control. Wiley,

first edition, 2005.

[29] D. Walter, H. Taubig, and C. Luth. Experiences in applying Formal Verification in

Robotics. In Computer safety, reliability, and security, pages 347–360. Springer-Verlag,

2010.

43

[30] Y. Wang and G.S. Chirikjian. Propagation of Errors in Hybrid Manipulators. In

International Conference on Robotics and Automation, pages 1848–1853, 2006.

[31] Wolfram Research, www.wolfram.com. Mathematica Mechanical Systems: Kinematic

and Dynamic Analysis in Mathematica, third edition, 2005.

[32] T. Yoshikawa. Manipulability of Robotic Mechanisms. The International Journal of

Robotics Research, 4(2):3–9, 1985.

44