In this article, Sean Felker, Lead Functional Safety Engineer at Brain Corp, outlines the systematic safety steps that robot builders must follow to bring to market autonomous machines that display reliably safe behavior.
Flat tires are a fact of life whether there’s a human behind the wheel or not. For autonomous vehicles (AVs) operating as cars on the road, a hypothetical example at scale might look something like this: A single vehicle driving for an hour may only have a one-in-a-million chance of getting a flat, but for 10,000 AVs, that could be a 50% chance of a flat tire every two weeks somewhere in the fleet. Why? Time + scale = more risk.
All autonomous systems inherently involve risk because they are machines, and machines can malfunction. These systems combine hardware and software, which results in a high level of complexity. That’s why builders must carefully analyze the hazards associated with the various functions of the system. Some machines are more dangerous than others, so different types of systems must be designed to meet the risk reduction level appropriate to their application. Clearly, a system designed for autonomous cars or passenger planes should have a higher safety designation than a small household robotic vacuum.
Although Brain Corp’s Autonomous Mobile Robots (AMRs) move much slower than AVs and are less likely to cause injury, the reality is that they operate around people in close quarters. And, unlike today’s AVs, AMRs powered by BrainOS already operate at a large scale without a person immediately present to take over via manual override. That’s why Brain Corp follows a rigorous and systematic safety planning process.
More than a product attribute, safety is a process
To bring machines to market that display reliably safe behavior, like AMRs powered by BrainOS, builders must follow the steps below:
1. Assess risks: Identify hazards and risks to quantify how reliable a safety system needs to be. This involves understanding critical safety functions and ranking risks by severity and probability in order to allocate resources appropriately. Builders must also consider any risks posed by the environment in which a system will operate. This is a particularly important and difficult assessment for new forms of robotics like AMRs, which is why maximum data capture and ongoing assessment are both very important.
2. Define and document requirements: Determine the functions that will protect against the identified risks and hazards, and document them clearly, so that later testing can be mapped directly to the requirements in a transparent way.
3. Design and analyze system architecture: Conduct a probabilistic system failure analysis and define the main critical safety components and the information flow within the system architecture. Design redundancy into the system’s hardware and firmware in case of partial failure. As an example, the Brain Corp-approved system for AMRs includes both the main navigation system and an independent microcontroller-based system that serves as the backup. For AMRs, there are three critical subsystems to analyze: obstacle detection, cliff detection, and speed control.
4. Introduce safety code: Update hardware and software with self-monitoring diagnostics. Hardware must meet quantified reliability goals for its failure modes and effects. Evaluate the ways each safety function component could fail, and the impact and probability of each type of failure. Design software according to rulesets that minimize nondeterministic behavior.
5. Validate: Test and analyze all individual components and integrated systems. All safety code should undergo fault injection tests and source code should be analyzed for rule violations.
Once the hardware and software are combined on a vehicle, a quality assurance team must conduct functional tests to see how the system performs in real-world scenarios.
6. Monitor and update: Perform ongoing monitoring, using data and cloud-based fleet management.
Organizations must engage in continuous observation and documentation of a system’s performance for its entire product lifecycle to confront risks as they appear. Insights from the recorded data are used to inform improvements to the system.
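The architecture, self-monitoring and fault-injection steps above can be illustrated with a small simulation. The following is an added example written for this article, not Brain Corp’s or BrainOS’s code: it models an independent safety monitor that sits between the main navigation system and the drive, cross-checks navigation’s heartbeat and speed request against the obstacle and cliff sensors, and treats implausible sensor values as failures. All parameter values (speed limit, stopping margin, deceleration, heartbeat timeout) and the frame format are hypothetical.

```python
import math
from dataclasses import dataclass, field

# Assumed platform parameters (hypothetical values, not Brain Corp's figures)
MAX_SPEED_MPS = 1.5      # hard speed ceiling for the platform
STOP_MARGIN_M = 0.5      # clearance that must remain once the robot is at rest
DECEL_MPS2 = 1.0         # worst-case braking deceleration the platform guarantees
HEARTBEAT_TIMEOUT = 3    # missed navigation check-ins before navigation is declared dead

@dataclass
class Frame:
    """One control cycle as seen by the monitor (constructed sample input)."""
    obstacle_range_m: float   # nearest return from the obstacle scanner
    cliff_detected: bool      # drop-off sensor tripped
    commanded_speed: float    # speed requested by the main navigation system
    nav_heartbeat: bool       # did navigation check in this cycle?

@dataclass
class SafetyMonitor:
    """Models the independent backup that cross-checks navigation and limits the drive."""
    missed_beats: int = 0
    faults: list = field(default_factory=list)

    def allowed_speed(self, f: Frame) -> float:
        """Return the speed the drive may actually use; 0.0 is the safe state."""
        self.missed_beats = 0 if f.nav_heartbeat else self.missed_beats + 1
        if self.missed_beats >= HEARTBEAT_TIMEOUT:
            self.faults.append("nav_heartbeat_lost")
            return 0.0
        # Self-monitoring diagnostic: an implausible scanner value counts as a sensor failure.
        if not math.isfinite(f.obstacle_range_m) or f.obstacle_range_m < 0:
            self.faults.append("obstacle_sensor_implausible")
            return 0.0
        if f.cliff_detected:
            self.faults.append("cliff")
            return 0.0
        # Speed control: never exceed the speed from which the robot can stop within clearance.
        clearance = f.obstacle_range_m - STOP_MARGIN_M
        if clearance <= 0:
            self.faults.append("obstacle_too_close")
            return 0.0
        stoppable = math.sqrt(2 * DECEL_MPS2 * clearance)
        if f.commanded_speed > MAX_SPEED_MPS:
            self.faults.append("speed_request_over_limit")
        return min(max(f.commanded_speed, 0.0), MAX_SPEED_MPS, stoppable)

def run_fault_injection(frames):
    """Fault-injection harness: feed a frame sequence, collect allowed speeds and faults."""
    monitor = SafetyMonitor()
    return [monitor.allowed_speed(f) for f in frames], monitor.faults
```

Feeding `run_fault_injection` a sequence with a dropped heartbeat, a tripped cliff sensor, a NaN range and an over-limit speed request shows each fault forcing the safe state independently of what navigation requested.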
Today, as more AMRs are being deployed to help with cleaning and disinfecting during the COVID-19 public health crisis, safety is as important as ever. In fact, it’s a top Brain Corp priority, which is why our safety process is so extensive and stringent. The payoff is machines that remain reliable and safe at scale over time.
The AMR market is still in its infancy, so it will need ongoing engagement to achieve a consistent application of safety processes as it continues to grow. Brain Corp is committed to working with partners on machine safety and will continue to lead the industry in safety planning.