Safety-critical WG

I’m afraid I will be on vacation from July 1st through the 5th and will be unable to attend this instance.

I am interested in contributing to this and will attend the next meeting.
We are making our systems safe and we are parsing the necessary standards to understand what we need to do for ROS. ROS safety is a very critical piece for our company.

A bit of background on my experience. I have taken surgical robots + surgical navigation through FDA certification (software, system and hardware) and have done similar analysis for modular industrial robot arms. Right now I am deep in this for self-driving vehicles and it's all the same once you have gone through the process.

2 Likes

Great to have you, @Shawn_Schaerer!

I know from my own experience that the medical domain and the automotive domain are not exactly the same, but it will be good to hear from someone who’s been heavily involved in both what the specific differences are and if they matter or not.

Here are the minutes for the meeting held on 2019/07/03.

Participants

  • Geoffrey Biggs (Tier IV/The Autoware Foundation)
  • Jacob Hassold (DCS)
  • Lalit Begani (Intel)
  • Matt Droter (ROS Agriculture)
  • Shawn Schaerer (Northstar Robotics)
  • Sohin Shah
  • Victor Mayoral (Acutronic Robotics)

Discussion

  • Reviewed ideas that have been thrown around so far
  • Sohin gave a presentation on the small lawn tractor application from ROS Agriculture that we are considering for our reference application
    • ros_lawn_tractor_safety.pdf (1.1 MB)
    • A retrofitted lawn tractor, with a Raspberry Pi 3 providing the ROS master and an NVIDIA Jetson Nano for the AI-based perception.
    • The use case is to cover an area while avoiding obstacles
    • The response to (dynamic) obstacles is to just stop and wait for the operator to help
    • Current safety features are:
      • An estop; loss of power to this relay kills the engine
      • A remote kill switch
      • A tele-op deadman switch
    • Ultrasonic range sensors are planned
    • The navigation stack (in ROS 1) has disadvantages for safety, e.g.:
      • The stop response for obstacles causes the local planners to enter recovery behaviours, which eventually leads to the goal being abandoned.
      • Declaring an emergency doesn’t mean anything unless the nodes performing their actions are actually killed.
    • They have designed three different levels of safety threats
    • They have a lot of questions about how to do safety properly
    • The lawn tractor is being used in an agriculture robot challenge (agBOT Challenge), which has quite well-defined environments and goals that could be useful to define a reference application
  • Acutronic has a sample use case they have been using for their security work
    • They are putting together a simple pick-and-place use case using a simple modular robot arm
    • The use case is fairly detailed and an excellent starting point for doing safety work
  • To be clear, we do not intend to produce a set of general safety documentation for using ROS in a safety-critical system, but provide safety documentation for the ROS-related parts of a specific application on a specific robot as an example of how
  • There is an EU project for security and safety being proposed by Acutronic Robotics called RECLAIM
    • If the project gets funded, then Acutronic Robotics believes they can bring in some experts in safety for robotics to contribute to the working group
    • Funding result is expected to be known by the end of the year
4 Likes

Good meeting today. Should we get our own subcategory on discourse that is specific for the Safety-critical WG?

Is there yet a slack or discord channel where everyone talks (or IRC?)

Hello!

I am very interested in this initiative towards safety, even though I have limited experience in the subject. I hope that, by getting involved, I can start building up some practical experience in safety for robotics and embedded software.

I have experience with:

  • embedded software programming in general, with C, C++
  • Python programming
  • hardware design, hw fault tolerance, hw verification
  • limited experience with sw verification
  • ROS and robotics

I also coordinate a robotics lab where we have autonomous boats and drones using APM/ROS. Perhaps, if you need more case studies for the safety methods, I could provide additional details.

Considering the 1st post of this thread, I believe I could contribute to:

  • Use of tools to support the above
  • Additional processes, tools and methods needed for building a safety-critical robot that are not currently covered by something in ROS but could be
  • How to make the client libraries usable in a safety-critical system, and work on safety-focused client libraries (for example, a SPARK client library)

So, I am really interested in the subject. If someone with more experience wants to give me some hints about readings, papers, etc., please go on!! Don't be shy! :slight_smile:
Please also feel free to suggest 'homework', assignments, etc.

Thanks!!!
Alexandre Amory - LSA/ PUCRS

1 Like

@Amamory We had a Functional Safety Engineer stop by the ROS-Agriculture community meeting. If you are interested here is his talk. https://youtu.be/s-fSUk30Yhc?t=184

@Josh_Harlow There is a discord group (http://rosdiscord.com/) and IRC (#freenode_#ros:matrix.org web-based client - https://about.riot.im/) for ROS.

1 Like

@droter thanks for the suggestion. It is a very didactic presentation. However, I am fairly familiar with the basic definitions in the area of safety. What I am really expecting is some 'hands on' problem to start getting some actual design experience in safety.
I believe I will start by studying this doc.
design.ros2.org/articles/ros2_threat_model.html

Thanks again!

I'm happy to discover this group!!!

The railway industry will use more and more robots in the future: autonomous trains and also maintenance robots. I "campaign" for ROS usage in all those applications. But certification is a major issue for railways...
Some safety requirements for our industry in Europe are described in 3 norms: EN 50128, EN 50129 and EN 50126.
Those norms correspond to different levels (software - 50128, system - 50129, specification and demonstration of RAMS* - 50126).

Is it already possible to compare the content of those documents (or maybe first the EN 50128) with the decisions made for ROS 2?

*RAMS: Reliability, Availability, Maintainability, Safety

Hi All,

I was looking for a good discussion forum for functional safety with ROS in robotic applications.
I believe I have landed in the right place.

I am currently involved in the development of a mobile robot with a safety goal of PLd. I would like to participate in the discussion and I have a decent understanding of functional safety.

Hi LRJ,
EN 50128 is a standard based on EN 61508 and as far as I know, nothing in ROS 2 has been done to comply with 61508 or any other standard based off of it.

I haven’t had a chance to read it yet, but this white paper on “Safety first for automated driving” may have some relevant info.

I am just starting to parse that one. I'll post a summary.

I’ve parsed most of the document (sans the V+V part) and my take is that there is not a lot that could be derived for defining ROS Safety. This is a good document for groups building self driving cars on top of ROS like the Autoware group.

Do you mean IEC 61508 here?

Yes, I mean IEC 61508.

I too am excited to see some forum discussing "functional safety".

@Amamory @xdaco - Is it a good idea to form a beginners/learners group to explore this space?

Thanks
shamb0

For those interested in the next WG meeting, please see this post.

Well, ISO 26262 is of course derived from IEC 61508 - there has been quite a bit of work on ISO 26262.

There seems to be quite a bit of overlap between this and the real-time ROS group.

David