A method for reliability detection of automated guided vehicle based on timed automata

To ensure the normal operation of the automated guided vehicle, the system must pass the reliability test in the process of design and manufacturing. Unreliable events are small probability events, which is not easy to be detected by using experimental methods. Besides, a lot of testing work is needed. In this paper, a time automata based reliability detection method of automated guided vehicle is proposed and the model of the vehicle is built in the design stage.The counting function related to reliability calculation is introduced to record the occurrence number of reliability-related events. The timed automata is used to qualitatively test the design model of the automated guided vehicle. After the model is proved to be correct, the timed automata model of the automated guided vehicle is automatically iterated by using the simulation function of the model detection tool. The simulation data can be used to quantitatively test the reliability of the design model of the automated guided vehicle. The simulation results show that the proposed method can calculate the reliability of the automated guided vehicle for the design stage. The reliability is evaluated quantitatively to provide reliability guarantee for engineering design.


Introduction
The Automated guided vehicle (AGV) is a robot system that can realize automatic navigation without human interference in driving, which can improve production efficiency and safety greatly, enhance the automation level of production, liberate human and material resources and reduce operating costs. The AGV is originated in the 1950s, after years of development in logistics (L Sabattini et al., 2018), transportation (Qiunan, 2017), manufacturing  and other fields, AGV has been widely used. In recent years, with the continuous maturity of the internet of things technology, the hardware of the AGV has become modular and integrated (Oyekanlu et al., 2020), and the functions of various hardware modules have been relatively perfect, which forms a product-level module. Therefore, the research on the AGV has also entered the software optimization stage from the hardware design stage. Karim et al. analyzed the hardware design of the AGV. By changing the structure of the vehicle or optimizing the charging mechanism, the system performance is improved and the hardware design is optimized. Based on the software performance of the guided vehicle (J. C. Chen et al., 2021;Karim et al., 2021), Farooq  and decision-making performance, as well as the cooperative scheduling algorithm and the energy efficiency improved according to the optimal tracking system synthesis theory (Farooq et al., 2021;Gao et al., 2021;Holovatenko & Pysarenko, 2021). With the progress of artificial intelligence technology, the introduction to intelligent algorithms has promoted a variety of fields, such as image analysis and processing (Zeng, Li, et al., 2021;Zeng et al., 2019), algorithm optimization (Zeng, Song, et al., 2020;Zeng, Wang, et al., 2020) and other aspects. In recent years, the introduction to artificial intelligence algorithm, such as Dijkstra algorithm , effective iterated greedy algorithm (Zou et al., 2021) and Hungarian algorithm , has promoted the design reform of automated guided vehicle, which has become more and more complex. To ensure the current application needs in the fields of industrialization 4.0 and smart city (P. J. Chen et al., 2021;Liu et al., 2021), the design of the automated guided vehicle has to face more complex application, so researchers also put forward higher requirements for the reliability of the automated guided vehicle. Reliability testing is a testing method that places a product in a natural or artificial environment and evaluates the function of the product in use, transportation, storage and other aspects during the specified service life. At the same time, it is also a detection method to verify whether it reaches the production standard, to evaluate the whole product and determine the reliability life of the product. In industrial production, reliability testing is applied to various fields, which can help managers and engineers to evaluate the reliability of the products and optimize the design of the products. In the design of the automated guided vehicle, reliability testing is an important means to ensure its normal use.
One of the solutions currently applied to the reliability testing of guided vehicles is experimental testing based on the real system. For example, Jeon et al. investigate and analyze the application trend of the technical characteristics of RCS (Remote Control System) in AGV, and establish the RCS quality evaluation system to ensure the reliability of RCS of AGV (Jeon & Kang, 2017). Another approach, which is based on model detection and simulation (Fazlollahtabar & Niaki, 2017). For example, Hamed et al. integrate fault tree analysis (FTA) with the reliability block diagram (RBD) method, which aims to conduct a comprehensive FTA on the key components of industrial robots to study the reliability of robot systems. Taking a typical AGV transportation system as an example, Yan et al. (2017). follow the principle of fault mode impact and criticality analysis (FMECA) to evaluate the reliability of the AGV system through a combination of Petri Net and FTA. Fazlollahtabar et al. model the AGV system, and then combine the RBD method with the FTA to study the reliability of the robot system.
In the design of the AGV, with the improvement in its function, more and more function modules are added to the AGV system, which adds complexity to the design. The reliability test of the AGV requires full retrieval of the state space of each component. Since the unreliability of the AGV is a small probability event, the experimental test scheme needs a lot of verification, and it is generally difficult to ensure the occurrence of small probability events by using experimental methods. At the same time, the model checking method also faces the challenge of state-space combination explosion. As a model checking technology, timed automata are often used in the fields of protocol verification (Li, 2014) and system behaviour stability analysis (Shengxin et al., 2017). In recent years, model checking tools for timed automata, such as UPPAAL (David et al., 2015), have been able to detect large-scale systems by optimizing model checking analysis, which produces good performance in the modelling of the medical monitoring system (Wetselaar et al., 2020), vehicle network system (Guo et al., 2019), system linkage control (Meng et al., 2021) and so on. In this paper, the timed automata tool is used to model and analyze the design of AGV. Aiming at the design reliability problem of the AGV, the system frame is established by using the timed automata. Moreover, the design of the system is tested. Through the iteration of the simulation tool, the reliability factor is added during the detection to conduct a quantitative analysis on the reliability of the vehicle. According to the test results, the design of the AGV can be adjusted to achieve the purpose of optimizing.

The model of AGV
To realize the function of automatic pathfinding and cargo handling, in addition to the frame and other structural design, the main components of the AGV include power execution components, core control modules and sensors related to the navigation system. With the improvement of hardware functions, various functions have been integrated into the form of modules in recent years, which is convenient for users to assemble freely and form automatic navigation handling devices under different system requirements. In the design of this paper, we take a visual navigation mode as an example to illustrate the model reliability detection method, which mainly includes a central control module, motor drive module, camera module, power module and display module.

The hardware structure design of AGV
The hardware of the AGV is the combination of the subfunctional modules of the automated guided vehicle. In the process of continuous development and improvement of the hardware of AGV, modular products of high integration degrees have been formed according to functional classification. In the example presented in this paper, the central control module consists of microcontrollers with satisfactory performance, which is used to process signals sent back from other modules. The sensor in the navigation system is mainly composed of an image acquisition module, which can be completed by camera equipment. The camera module is used to acquire the surrounding environment information in realtime, establish the vision detection system to identify the path, realize the real-time acquisition and image display of multiple path identification, and complete the path planning and other operations combined with the relevant software. The power executive part is composed of a motor drive module, which is used to receive the signal from the control centre and control the rotation of the navigation wheel, which is to realize the movement of the car. In addition, there is a display interface in this design, which is composed of a display module to show the environmental information captured by the camera module. The power module in the design is to supply power to the central control module and the motor drive module.
The system hardware block diagram of the AGV is shown in Figure 1, in which the central control module is connected with the camera, display and motor drive module through the system bus, and the whole vehicle is driven by the power supply.

Control process analysis of AGV
In this system, the overall function design revolves around the navigation function, and the hardware workflow is as follows: the camera module transmits the acquired environmental information back to the central control module, in which the central control module extracts and analyzes the environmental information. For example, path planning is carried out by extracting the path from the centreline. The central control module analyzes the result of path planning and converts it into pulse signals to control the rotation of the motor module. And the display module shows the environmental image information obtained by the camera.
The control process of AGV includes the following steps: hardware setting and path initial value setting are completed in the process of system initialization, then the control centre receives information from the sensors. Last, the instruction is sent to drive the motor after processing the information to achieve the completion of the planned path and the function of automatic navigation. Figure 2 shows the process of the primary sensor information. The central control module issues work instructions, and the sensor such as the camera begins to collect the information, and the information is sent back to the processor for information processing synchronously, thus complete the path-finding related algorithm operations.

Navigation analysis of AGV
Path planning and navigation are the core technologies of the AGV. In our work, path planning and navigation are carried out based on the centreline of the road network. In path planning, the extraction of the centre line is particularly important. The navigation part of the AGV is completed by the camera module and the core control module. First, the core control module sends instructions to the camera module, and the camera module starts to work. At this time, the camera module starts to acquire the information of the surrounding environment in realtime and sends the information back to the core control module. Then the core control module uses the centreline method to carry out path planning. The method of centreline path planning is divided into the following five steps: (1) get the road network information.
(2) the road network is divided into several edge pairs according to the road edge information. (3) constraint triangulation networks for each pair of edge lines are established respectively. (4) the centreline of each sideline pair unit is extracted according to the constrained triangulation net. (5) connect the centreline of each sideline pair unit according to the connection rules to generate the centreline of the road network. The system extracts the centre line and realizes the road planning by this method. According to the result of path planning, the core control module sends the signal back to the motor drive module, and then the motor drive module controls the rotation of the wheel to realize the navigation function.

Timed automata reliability modelling
The timed automata is a modelling and verification theoretical tool proposed by Alur and Dillhave, which combines the clock set on the basis of finite automata. As a model checking tool, timed automata has developed into a practical theory with mature model checking tools, which mainly analyze and detect real-time systems. Reliability is one of the standards to verify the performance of the system, which means the components or the system can perform relevant functions without failure under certain conditions. For a product, the more reliable the better, the longer it can work. Reliability consists of three elements: durability, maintainability and design reliability. Durability refers to the time or life length of a product that can be used normally. Maintainability means that when a product breaks down, it can quickly troubleshoot the problem through maintenance so that the product can reach the initial state of use. Design reliability means that various error factors are fully considered in the design of the product to improve the ease of operation of the product.
This section first gives the extended definition of timeautomata-based reliability modelling, then explains the specific calculation details of reliability, and finally, the reliability testing and modelling flow of the AGV based on timed automata is given.

Reliability count timed automata definition
A timed automata is a finite automaton with a set of clocks. A clock set is a finite set of clocks, each of which is a variable with a value range of 0 or positive numbers. Transitions between timed automata states can only occur if clock constraints are satisfied. The state of a timed automata can be attached with the property of 'position invariance', which is also a clock constraint to ensure that the state does not stay in place. This kind of automation is called a 'time safe automaton'. The timed automata not only has several real-valued variables attached but also is an abstract model of the timing system. The state of a clock can only jump if it satisfies the clock constraint. The state transitions of each node of the timed automata are closely related to time, that is, whether an action can occur at a certain time interval is completely determined by all the time values related to the behaviour of the system. The timed automata tool does not provide a reliability calculation method in the modelling process. Here, a counter related to reliability calculation is introduced to complete the analysis of the system state. The counter is added in the state transition of timed automata to complete the calculation function of reliability.
A timed automata with an increased reliability count is defined as a TA = (L, L 0 , L u , TA , C, I, E, F), here: L is the set of states, with each state represents a position in the timed automata transition diagram. L 0 is the set of initial states, which is the initial position in the timed automata transformation diagram. L u is the set of termination states, which is the end position in the time automatic transition diagram.
TA is a set of input symbols, which can be regarded as event inputs in system design. C is the clock set. I is a clock constraint, L → (C), putting each position corresponding to a clock constraint.
represents the transformation project from one state to another, meeting the corresponding time constraints, enter the event, the system transitions from one state to another, and resets the clock in 2 C . F is a counting function, L → F(), which represents the number of records of passing an edge and is used as the basis for calculating the reliability of the transformation.

System reliability calculation model
When analyzing system reliability, the type of system reliability model should be considered first. Generally, reliability models can be divided into series models and parallel models. In this paper, the modules involved in the AGV system are in series or parallel. There is more than one series model in the reliability model building of AGV, which is always distributed in each part of the system. For example, the combination of the camera module, the central control module, the motor drive module and the wheel is a series model. In the series model, the principle is that the camera module collects data, and then transmits it to the central control module according to the bus, the central control module then transmits the processed data back to the motor drive module. Finally, the motor drive module controls the rotation of the wheel according to the data signal sent back by the central control module. The block diagram of the series model is shown in Figure 3. From which, the mathematical expression of the serial model can be obtained as follows: where: R s (t) is the reliability of the system, R i (t) is the reliability of the unit, n is the number of units that make up the system. In the reliability model of AGV, the parallel model is also involved in the whole model. For example, in the pathfinding process, the navigation system consists of a camera module and a core control module. When driving on the designed path, which is not fully guaranteed, the navigation system can introduce the rectifying system module to correct the wrong path and the two systems work in parallel.
The block diagram of the parallel model is shown in Figure 4: From the above block diagram of the model, the mathematical expression of the serial model can be obtained as follows: Where R s (t) is the reliability of the system. R i (t) is the reliability of the unit, n is the number of units that make up the system.

Reliability calculation process of AGV
The reliability testing method for the system consists of the following steps: establish the reliability model and  assign the reliability, carry on the reliability prediction, formulate the reliability design criterion, failure mode impact hazard analysis, fault tree analysis, potential path analysis, circuit tolerance analysis, specify component outline and identify key products for reliability, determine the impact of functions and tests on reliability. In this paper, we use the extended timed automata tool to build the model of the AGV, which includes the establishment of the system model, and then continue the qualitative and quantitative analysis of the system model. The function module modelling of integrated reliability is shown in Figure 5. In Figure 5, a sensor is set up to receive external signals and transmit them to the CPU for processing. In the process, counting functions F1() and F2() are used to record the count of related processes executed by the system respectively. At the end of the simulation, the number of execution of the function module can be calculated through the correlation count of each function module. On this basis, the structure of the system is analyzed again, and the reliability index of the system can be calculated by using the calculation method in Section 3.2.

Modeling of reliability detection model of AGV
In the paper, the AGV is divided into several levels from top to bottom: the AGV representing the system, the power module, motor drive module, display module and camera module representing the subsystem, a component that represents the various modules of a component, which is shown in Figure 6.
The following is the modelling analysis of each component of the AGV. Since this model is the reliability analysis of the automatic navigation vehicle, the operation details that do not affect the reliability is simplified, and the model is only carried out in the part that affects the system reliability.

Core controller and bus model
The core controller of the AGV is generally connected with the bus. When the signal is connected, the bus receives the signal, and the core MCU processes it directly. Generally, the system is in idle state, waiting for the system to input the signal. Here, the other devices of the AGV are divided into two categories, one is the sensing device, which is used to receive external signals, such as visual sensors, and the other is the executive device, which is used to execute the instructions issued by the core controller. In addition to these two types of devices, all kinds of intelligent module programmes are used as another type of input, but the programme is not the real input. In a module that occupies MCU resources, its operation mode is mostly in parallel with peripheral devices. For example, when the navigation vehicle collects information or executes control instructions, the MCU's computing power can be used to control the operation of the navigation vehicle at the same time and the intelligent module can be executed concurrently. Therefore, summary and core controller model are shown in Figure 7(a), where idle state is the standby state of the system, receiving scheduling instructions from sensors, devices and intelligent modules respectively, and in the navigation vehicle system, Ps, Pp, and Pd is the processing status of receiving sensor synchronous signal Sr, programme scheduling instruction Po and equipment operation status information Dv respectively. After the processing process is completed, it runs to S_end, P_end, D_end state respectively, and finally return to standby state. Among them, Ps_P(), Po_P() and Pd_P() are used as the carrier function, which are used to process the records of the running state of each component and provide data support for the calculation of reliability.

Program modelling of navigation vehicle equipment and intelligent module
In order to discuss the reliability problem, only the equipment of the navigation vehicle is used as the signal transmission source to process and device operation details are masked. Therefore, the model of the sensor device of the equipment is shown in Figure 7(b), where sl and su variable are the start and end time of the sensor data collection, during which the sensor will send the collected data to the core control module for processing, and sr are used for synchronous control, S_ start is the initial state of the sensor. The equipment of the navigation vehicle, such as motor and steering device, which is abstracted as the equipment model, as shown in Figure  7(c), where du and dl are the starting time and feedback time of the equipment respectively, D_ start is the initial state of the device, Dv is the synchronization signal of the device. The software module is also treated as an information receiving and processing device. In order to calculate the reliability conveniently, the model of the software module is established, as shown in Figure 7(d), where P_ start is the initial state of the software, assuming that the running time interval of the software module is from pl to pu, the end of calculation signal is also sent to the core controller for scheduling when the software is running and calculating, and Po is set as the synchronization variable to handle the synchronization after the software module is running.

Calculation method of reliability model
The reliability of the model can be calculated by the counter in the model. In the navigation system, the sensor, the device and the core controller are connected in series. Generally, during the operation of a navigation vehicle, the sensor needs to collect data, the controller processes and judges the data, and finally sends the execution instructions. In this process, the components work serially in chronological order. At the same time, the core controller calls in the software module for other calculation, such as the error correction programme to correct the driving of the navigation vehicle. This kind of programme can provide guarantee for the navigation function of the navigation vehicle. Therefore, this kind of software module runs in parallel with sensors and execution equipment, which improves the safety of the system. According to the calculation method in Section 3.2, the sensor, the executive device and the error correction software module in the model are processed respectively. During a test period, the sensor and actuator work serially, and the software module carries out calculation in parallel with the working process of this serially working. Therefore, it is advisable to set the running times of the sensor as Ps, the running times of the executive device as Pd and the running times of the calibration programme as Po.
The reliability of the navigation vehicle can be seen as a series system of sensors and actuators, which is combined in parallel with the calibration programme. Therefore, the reliability of the whole system in the test time can be seen as the combination of such a number of processes, which can be calculated serially through the counter during the test. The reliability of navigation sensor is set as follows: In the formula: R is (t) is the error of each acquisition of navigation sensor. similarly, the reliability of the execution equipment is set as follows: In the formula: R id (t) is the system error caused by each execution of the execution equipment. During this period, the reliability calculation of the error correction programme is set as follows: In the formula: R sp (t) is the reliability of every programme run.
The overall reliability of the system is calculated according to the series and parallel rules in Section 3.4.

Test and simulation analysis of reliability model checking for automated guided vehicle
This section takes the navigation part of the automated guided vehicle, the motor-driven wheel execution equipment and the automatic navigation correction programme as a group of functional models to analyze the reliability of the automated guided vehicle.In this navigation, the machine vision module is selected for navigation, and the motor drive uses the front and rear two motor drives. During the operation of the navigation sensor, the software is used to improve the operation of the sensor and the navigation vehicle. The calibration programme runs simultaneously with the acquisition process. The following is the qualitative proof and simulation verification of the established reliability detection model, which provides the basis for the correctness of the system design and the optimization of the system design.

Validation of reliability model checking
In order to ensure the correctness of system reliability verification, it is necessary to verify the correctness of the established reliability model checking. Here, the BNF expression is used to qualitatively analyze the reliability model, and to check whether the verification model of system reliability related properties is reasonable. Table 1 lists the verification results of some properties. According to the verification results in Table 1, several related reliability properties can be verified. For example, the first one represents that the system core can deal with the event in time when the equipment and sensors are running, and the related reliability will affect the operation of the whole system. The second one represents that when the core controller is waiting, the corresponding sensors and other components have been executed. The third one represents the operation status of the equipment and sensors and the calibration programme can be executed in parallel. After verification, the above properties are satisfied, which indicates that the related properties of the reliability detection model of the automatic navigation vehicle can be verified correctly. If there are other needs in the actual design, the BNF expression can be added to judge its correctness.

Simulation analysis of automated guided vehicle reliability testing
Assume that the navigation module of the automatic navigation vehicle adopts the vision sensor, and the sampling time is about 12 ms. We may set the sampling and normal processing time as 10-12 ms, the front and rear wheel drive adopts the coding motor, and the signal feedback time is 10-13 ms. There is an error correction programme in the system to ensure the reliability of the system operation. Each time the data calibration cycle is 1-3 ms.The calibration programme runs in parallel with sensor module and motor module. The simulation tests the influence of components under different reliability standards on the reliability of the whole vehicle design. Table 2 shows the preset parameters, in which the value is reliability.
As shown in the table, the first line of data represents that the sensor reliability is 96% and the coding motor reliability is 90%. At this time, the reliability of the calibration programme is 97% respectively. At this time, the influence of the calibration programme reliability on the vehicle reliability can be compared through simulation. The second, third and fourth lines represent similar meanings. The simulation model takes 1000 unit time as the test cycle. When the first line in Table 2 is set, the simulation comparison diagram is shown in Figure 8.
The data in the first line of the figure represents the situation that the system performs the correct rate simulation in the case of the reliability equipment in the first line of Table 1. Similarly, the data in the second, third and fourth series represent the situation that the system performs the correct rate simulation in the case of the reliability setting in the second, third and fourth lines of Table 1. The ordinate of Figure 8 represents the system execution accuracy, and the abscissa represents the sampling time. From the simulation results in Figure 8, it can be seen that after the reliability of the sensor is improved, the accuracy of the system is improved. From the comparison of the simulation results in series 1 and series 2, it can be seen that when the reliability of the coding motor is improved, the accuracy of the system execution is greatly improved. After that, the improvement of the reliability of the system correction system has little impact on the correct execution of the system. So through the simulation analysis, we can draw the following conclusions: in the process of improving the system reliability, the reliability of the system can be greatly improved by improving the reliability of the sensor components and the editing motor in the transmission device. But for the programme of system error correction, because of its low error rate, this index can only improve the reliability of the system by a small margin.

Conclusion and summary
This paper studies the modelling and model analysis method of the reliability detection model of the automated guided vehicle. Because the automated guided vehicle is widely used in production, the reliability analysis of the system in the design stage of the automated guided vehicle can reduce the probability of system error. The strict quality control in the design of the automated guided vehicle system makes the error become a small probability event, so it is very difficult to detect the reliability of the navigation vehicle through the actual use case, it is also very difficult to detect the system comprehensively. Therefore, this paper introduces the formal modelling method to model the reliability detection model of the automated guided vehicle, and mainly uses the timed automata tool to analyze the model. Also, this paper mainly uses timed automata tools to qualitatively test the design correctness of the model, and then introduces the simulation method. Combined with the formula of reliability calculation, the factors that affect the correctness of system operation are simulated and calculated, and the quantitative conclusion is given. The related components that affect the correctness of system execution are pointed out, which provides a theoretical basis for the optimal design of the system. The method provided in this paper can be used as a reference for practical engineering application.