This demonstrator explains how to use the safety related functionalities developed as part of the eITUS Project via a safety analysis use case scenario. A video is also presented, which goes through a demonstration of showing how to perform safety analysis in the context of RobMoSys by using and extending the Papyrus4Robotics toolchain and Gazebo.
eITUS stands for Experimental Infrastructure Towards Ubiquitously Safe Robotics Systems using RobMoSys. Nowadays, safety is becoming a crucial property of robotic systems. ISO 12100, ISO 13849 and IEC 62061 are some of the most widely accepted safety standards in robotics, covering aspects such as functional safety. Functional safety is the aspect of safety that aims to avoid unacceptable risks. The system should be designed to properly handle likely human errors, hardware failures and operational/environmental stress.
The safety analysis and validation steps are fundamental aspects to perform the safety assessment. Some of the commonly used risk assessment methods are Preliminary Hazard Analysis, Hazard Operability Analysis, Failure Modes and Effects Analysis and Fault Tree Analysis. Furthermore, fault injection simulations complete these analyses by finding unexpected hazards (fault forecasting) and verifying the implemented safety mechanisms. Figure 2 illustrates how safety analysis is related to RobMoSys’ views.
The RobMoSys project defines structures which enable the management of the interfaces between different robotics-related domains, levels of abstraction and roles. eITUS will broaden the ecosystem by considering safety aspects such as the development of a safety view and the introduction of a new role called safety engineer (cf. Figure 3).
The eITUS approach is explained by using a Cartesian Mode Control System as a use case scenario, whose model in Papyrus is depicted in Figure 4.
Afterwards, the safety engineer creates and completes its associated FMEA.
Once the component failure modes are determined, fault injection simulations can be executed. The eITUS framework sets up, configures, executes and analyses the simulation results. Model-based design combined with a simulation-based fault injection technique and a virtual robot is a promising solution for an early safety assessment of robotics systems. The added value of including robot and environment models is that the maximum time before the robot dynamics are unsafely affected can be identified. In other words, it allows quantitatively estimating the relationship between an individual failure and the degree of misbehaviour at robot level.
Before starting the fault injection experiments, the Golden system model, which represents a model without any faults in place, and its corresponding simulations must exist.
Once the Golden simulations have been executed, the safety engineer starts by selecting the system model and the robotics scenario, which includes the operational situation and the robot.
After that, it is important to define the fault injection policy, which is referred to as the fault list. This configuration process includes the definition of fault locations (where to inject the fault?), fault injection times (when to trigger the fault?), fault durations (for how long is the fault present in the system?) and the fault model (how does the component fail?).
The original system model is modified through the fault injector script according to the fault list. From these faulty models the code to be deployed is generated, and the simulations are run.
Finally, the obtained simulation traces are compared with the Golden ones. This allows determining whether a sufficient level of safety has been reached.
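The fault injection workflow above (fault list with location, time, duration and model; Golden run; faulty run; trace comparison) as an added, self-contained example that is not part of the eITUS tooling: it assumes a toy one-dimensional Cartesian position controller with a single hypothetical "position_sensor" port and three hypothetical fault model names.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Fault models (how does the component fail?): golden sensor value -> faulty value.
# These names are assumptions for this example, not eITUS identifiers.
FAULT_MODELS: Dict[str, Callable[[float, float], float]] = {
    "stuck_at": lambda value, param: param,        # output frozen at a constant
    "offset": lambda value, param: value + param,  # biased reading
    "dropout": lambda value, param: 0.0,           # reading lost, reads as zero
}


@dataclass(frozen=True)
class Fault:
    """One entry of the fault list: where, when, how long and how."""
    location: str    # port to corrupt; only "position_sensor" exists in this toy model
    start: float     # injection time [s]
    duration: float  # how long the fault stays present [s]
    model: str       # key into FAULT_MODELS
    param: float = 0.0


def simulate(fault_list: List[Fault], x_ref: float = 0.5, gain: float = 2.0,
             dt: float = 0.01, t_end: float = 3.0) -> List[float]:
    """Closed-loop 1-D position control; returns the trace of the true position [m].
    An empty fault list gives the Golden run."""
    x, trace = 0.0, []
    for i in range(int(t_end / dt)):
        t = i * dt
        measured = x  # value on the position_sensor port before any fault
        for f in fault_list:
            if f.location == "position_sensor" and f.start <= t < f.start + f.duration:
                measured = FAULT_MODELS[f.model](measured, f.param)
        velocity = gain * (x_ref - measured)  # controller acts on the (possibly faulty) measurement
        x += velocity * dt                    # robot dynamics: pure integrator
        trace.append(x)
    return trace


def time_to_unsafe(golden: List[float], faulty: List[float],
                   tolerance: float, dt: float = 0.01) -> Optional[float]:
    """First time [s] at which the faulty trace deviates from the Golden trace
    by more than the tolerance, or None if it never does."""
    for i, (g, f) in enumerate(zip(golden, faulty)):
        if abs(g - f) > tolerance:
            return round(i * dt, 3)
    return None


if __name__ == "__main__":
    golden = simulate([])
    faulty = simulate([Fault("position_sensor", start=1.0, duration=1.0, model="stuck_at")])
    print("time to unsafe deviation [s]:", time_to_unsafe(golden, faulty, tolerance=0.1))
```

With the sensor stuck at zero the controller keeps commanding full speed, so the true position overshoots the reference well before the fault clears; the reported time is the budget a safety mechanism would have to react.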
The following video shows:
It is important to highlight how this is an ongoing work and further improvements are planned to be released by the end of the project.
From a technical perspective, the benefits of the eITUS methodology and tools will lead to:
The main incentives from a commercial point of view are described in Figure 9.
This demonstration has been performed by the eITUS consortium as a RobMoSys (robmosys.eu) Integrated Technical Project (ITP). This project is a joint effort between AKEO Plus, Tecnalia Research and Innovation and CEA, which is a RobMoSys core partner.