Safe-ROS: An Architecture for Autonomous Robots in Safety-Critical Domains

TL;DR

Safe-ROS is a novel architecture designed for autonomous robots operating in safety-critical environments, integrating verifiable safety systems with routine control to ensure safety compliance and operational effectiveness.

Contribution

The paper introduces Safe-ROS, a new architecture combining intelligent control with formally verifiable safety functions for reliable autonomous robot deployment in safety-critical domains.

Findings

Safe-ROS enables formal safety verification of robotic systems.

Implementation of Safety Instrumented Functions (SIFs) improves safety oversight.

Successful deployment demonstrated in nuclear environment simulation.

Abstract

Deploying autonomous robots in safety-critical domains requires architectures that ensure operational effectiveness and safety compliance. In this paper, we contribute the Safe-ROS architecture for developing reliable and verifiable autonomous robots in such domains. It features two distinct subsystems: (1) an intelligent control system that is responsible for normal/routine operations, and (2) a Safety System consisting of Safety Instrumented Functions (SIFs) that provide formally verifiable independent oversight. We demonstrate Safe-ROS on an AgileX Scout Mini robot performing autonomous inspection in a nuclear environment. One safety requirement is selected and instantiated as a SIF. To support verification, we implement the SIF as a cognitive agent, programmed to stop the robot whenever it detects that it is too close to an obstacle. We verify that the agent meets the safety requirement and integrate it into the autonomous inspection. This integration is also verified, and the full deployment is validated in a Gazebo simulation, and lab testing. We evaluate this architecture in the context of the UK nuclear sector, where safety and regulation are crucial aspects of deployment. Success criteria include the development of a formal property from the safety requirement, implementation, and verification of the SIF, and the integration of the SIF into the operational robotic autonomous system. Our results demonstrate that the Safe-ROS architecture can provide safety verifiable oversight while deploying autonomous robots in safety-critical domains, offering a robust framework that can be extended to additional requirements and various applications.