Safety Properties

The classes SafetyProperties and SafetyLevel offer the basic functionality for the safety levels. A user has to define the levels and properties of a given robot in a derived class, here called MySafetyProperties.

  class MySafetyProperties : public eeros::safety::SafetyProperties {

Now you can specify the following properties:

Critical Inputs and Outputs

Define critical output signals, get references to them from the HAL and assign them.

  eeros::hal::SystemOutput<bool>* watchdog;
  eeros::hal::SystemOutput<bool>* enable0;
 
  HAL& hal = HAL::instance();
 
  watchdog = hal.getLogicSystemOutput("watchdog");
  enable0 = hal.getLogicSystemOutput("enable0");
  ...
  criticalOutputs = {watchdog, enable0, ...};

Define critical input signals, get references to them from the HAL and assign them.

  eeros::hal::SystemInput<double>* q0;
  eeros::hal::SystemInput<bool>* runButton;
 
  q0 = hal.getRealSystemInput("q0");
  runButton = hal.getLogicSystemInput("runButton");
  ...
  criticalInputs = {q0, runButton, ...};

Safety Levels

Define the safety levels. Each level has a unique number and a description. After defining them, the levels must be added. The order in which the levels are added is highly important and determines their logical ordering: add the lowest safety level first. If you forget to add a level, the safety system will not check its critical inputs and will therefore not run correctly!

  SafetyLevel slOff("off");
  SafetyLevel slIinitializing("initialize");
  SafetyLevel slRunning("running");
 
  addLevel(slOff);
  addLevel(slIinitializing);
  addLevel(slRunning);

Safety Events

  • Define events and add them to the safety levels. A level can have any number of associated events, including zero (no associated events).

  SafetyEvent seStartInitializing("start initialization");
  SafetyEvent seShutDown("shutting down");
  SafetyEvent seStartRunning("start running");
 
  slOff.addEvent(seStartInitializing, slIinitializing, kPublicEvent);
  slIinitializing.addEvent(seStartRunning, slRunning, kPrivateEvent);
  slRunning.addEvent(seShutDown, slOff, kPublicEvent);
  ...

Each event must be declared as either kPublicEvent or kPrivateEvent. Private events can only be triggered by the safety system itself, whereas public events may also be triggered by the control system or the sequencer.

It is also possible to add one event to many levels at once. In the following example the event seDoEmergency is added to all levels from slPowerOn up to slMoving; it is a public event and causes a transition to the emergency level.

  // Add events to multiple levels
  addEventToLevelAndAbove(slPowerOn, slMoving, seDoEmergency, kPublicEvent);

Input and Output Actions

  • Add input and output actions to the safety levels. Each safety level has to specify what is done with all the safety-critical inputs and how all the safety-critical outputs have to be driven. How this is achieved is described in Input / Output Actions.

Level Actions

  • Define actions for the safety levels. Each level can have either no action or exactly one action.

  slOff.setLevelAction([&](SafetyContext* privateContext) {
    privateContext->triggerEvent(seDoSwInit);
  });
  ...

The method setLevelAction accepts a function that is used solely here and can therefore be defined without giving it a name. In this example the function is a so-called lambda function, meaning that it can be passed as a parameter without a prior declaration. It must take a single parameter of type SafetyContext*. This private context is what allows the level action to trigger a private event.

Finally, you have to specify the level in which the system starts.

  setEntryLevel(slOff);
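The steps above (levels added lowest first, public and private events, a level action that fires a private event, an entry level) form one procedure. The following stand-alone model is an added example, not EEROS code: it mirrors the page's names where they exist (SafetyLevel, SafetyEvent, addLevel, addEvent, setLevelAction, setEntryLevel, kPublicEvent, kPrivateEvent) and otherwise uses hypothetical names (SafetyMachine, addEventToLevelRange, Result) so that the ordering and visibility rules can be exercised without the EEROS library or a HAL. Critical inputs and outputs are left out because they need real hardware bindings.

```cpp
// Added example: a compact model of the safety-level machine described on this
// page. It is NOT the EEROS API; SafetyMachine, addEventToLevelRange and Result
// are hypothetical names used only here.
#include <functional>
#include <iostream>
#include <map>
#include <string>
#include <utility>
#include <vector>

enum EventType { kPublicEvent, kPrivateEvent };

struct SafetyEvent { std::string description; };

class SafetyMachine;
struct SafetyContext {                       // handed only to level actions
    SafetyMachine* machine;
    bool triggerEvent(const SafetyEvent& e); // private path, defined below
};

struct SafetyLevel {
    std::string description;
    int id = -1;                             // set by addLevel; -1 means "never added"
    struct Transition { SafetyLevel* next; EventType type; };
    std::map<const SafetyEvent*, Transition> transitions;
    std::function<void(SafetyContext*)> action;
    explicit SafetyLevel(std::string d) : description(std::move(d)) {}
    void addEvent(const SafetyEvent& e, SafetyLevel& next, EventType t) { transitions[&e] = {&next, t}; }
    void setLevelAction(std::function<void(SafetyContext*)> f) { action = std::move(f); }
};

class SafetyMachine {
public:
    std::vector<std::string> log;
    // Order of adding defines the ordering: the level added first is the lowest.
    void addLevel(SafetyLevel& l) { l.id = static_cast<int>(levels_.size()); levels_.push_back(&l); }
    // Hypothetical range helper in the spirit of the page's addEventToLevelAndAbove.
    void addEventToLevelRange(SafetyLevel& lo, SafetyLevel& hi, const SafetyEvent& e, SafetyLevel& next, EventType t) {
        for (SafetyLevel* l : levels_) if (l->id >= lo.id && l->id <= hi.id) l->addEvent(e, next, t);
    }
    void setEntryLevel(SafetyLevel& l) { current_ = &l; }
    // Public path (control system / sequencer): private events are refused here.
    bool triggerEvent(const SafetyEvent& e) { return fire(e, kPublicEvent); }
    // One cycle: run the current level's action with a private context.
    void run() { if (current_ && current_->action) { SafetyContext ctx{this}; current_->action(&ctx); } }
    const std::string& currentLevel() const { return current_->description; }
private:
    friend struct SafetyContext;
    bool fire(const SafetyEvent& e, EventType caller) {
        auto it = current_->transitions.find(&e);
        if (it == current_->transitions.end()) { log.push_back("ignored '" + e.description + "' in " + current_->description); return false; }
        if (it->second.type == kPrivateEvent && caller == kPublicEvent) { log.push_back("refused public trigger of private '" + e.description + "'"); return false; }
        // Model-only guard for the page's warning about forgotten levels (EEROS instead stops checking critical inputs).
        if (it->second.next->id < 0) { log.push_back("target level '" + it->second.next->description + "' was never added"); return false; }
        log.push_back(current_->description + " -> " + it->second.next->description);
        current_ = it->second.next;
        return true;
    }
    std::vector<SafetyLevel*> levels_;
    SafetyLevel* current_ = nullptr;
};
bool SafetyContext::triggerEvent(const SafetyEvent& e) { return machine->fire(e, kPrivateEvent); }

struct Result {
    bool publicInit, publicRunRefused, privateRun, forgottenLevel, emergencyFromRunning;
    std::string finalLevel;
    std::vector<std::string> log;
};

// Constructed scenario following the page's off / initialize / running example.
Result runScenario() {
    SafetyLevel slOff("off"), slInitializing("initialize"), slRunning("running"),
                slEmergency("emergency"), slForgotten("never added");
    SafetyEvent seStartInitializing{"start initialization"}, seStartRunning{"start running"},
                seShutDown{"shutting down"}, seDoEmergency{"emergency"}, seToForgotten{"to forgotten"};
    SafetyMachine m;
    m.addLevel(slOff); m.addLevel(slInitializing); m.addLevel(slRunning); m.addLevel(slEmergency);
    slOff.addEvent(seStartInitializing, slInitializing, kPublicEvent);
    slInitializing.addEvent(seStartRunning, slRunning, kPrivateEvent);   // only the safety system may fire this
    slRunning.addEvent(seShutDown, slOff, kPublicEvent);
    slRunning.addEvent(seToForgotten, slForgotten, kPublicEvent);       // slForgotten was never added
    m.addEventToLevelRange(slInitializing, slRunning, seDoEmergency, slEmergency, kPublicEvent);
    slInitializing.setLevelAction([&](SafetyContext* ctx) { ctx->triggerEvent(seStartRunning); });
    m.setEntryLevel(slOff);

    Result r{};
    r.publicInit = m.triggerEvent(seStartInitializing);      // off -> initialize
    r.publicRunRefused = !m.triggerEvent(seStartRunning);    // private event refused from outside
    m.run();                                                 // level action fires it privately
    r.privateRun = (m.currentLevel() == "running");
    r.forgottenLevel = !m.triggerEvent(seToForgotten);       // refused: target never added
    r.emergencyFromRunning = m.triggerEvent(seDoEmergency);  // range-added public event
    r.finalLevel = m.currentLevel();
    r.log = m.log;
    return r;
}

int main() {
    Result r = runScenario();
    for (const std::string& line : r.log) std::cout << line << "\n";
    std::cout << "final level: " << r.finalLevel << "\n";
    return r.finalLevel == "emergency" ? 0 : 1;
}
```

The point the model makes visible is the visibility split: the same seStartRunning event is refused on the public path but accepted from the SafetyContext that only a level action receives, which is exactly why setLevelAction hands the lambda a SafetyContext*.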
eeros_architecture/safety_system/properties.1488204784.txt.gz · Last modified: 2017/02/27 15:13 by graf