system_error_monitor
Purpose
Autoware Error Monitor has two main functions.
- It is to judge the system hazard level from the aggregated diagnostic information of each module of Autoware.
- It enables automatic recovery from the emergency state.
Inner-workings / Algorithms
State Transition
updateEmergencyHoldingCondition Flow Chart
Name |
Type |
Description |
/diagnostics_agg |
diagnostic_msgs::msg::DiagnosticArray |
Diagnostic information aggregated based diagnostic_aggregator setting is used to |
/autoware/state |
autoware_system_msgs::msg::AutowareState |
Required to ignore error during Route, Planning and Finalizing. |
/control/current_gate_mode |
tier4_control_msgs::msg::GateMode |
Required to select the appropriate module from autonomous_driving or external_control |
/vehicle/control_mode |
autoware_vehicle_msgs::msg::ControlModeReport |
Required to not hold emergency during manual driving |
Output
Name |
Type |
Description |
/system/emergency/hazard_status |
autoware_system_msgs::msg::HazardStatusStamped |
HazardStatus contains system hazard level, emergency hold status and failure details |
/diagnostics_err |
diagnostic_msgs::msg::DiagnosticArray |
This has the same contents as HazardStatus. This is used for visualization |
Parameters
Node Parameters
Name |
Type |
Default Value |
Explanation |
ignore_missing_diagnostics |
bool |
false |
If this parameter is turned off, it will be ignored if required modules have not been received. |
add_leaf_diagnostics |
bool |
true |
Required to use children diagnostics. |
diag_timeout_sec |
double |
1.0 (sec) |
If required diagnostic is not received for a diag_timeout_sec , the diagnostic state become STALE state. |
data_ready_timeout |
double |
30.0 |
If input topics required for system_error_monitor are not available for data_ready_timeout seconds, autoware_state will translate to emergency state. |
data_heartbeat_timeout |
double |
1.0 |
If input topics required for system_error_monitor are not no longer subscribed for data_heartbeat_timeout seconds, autoware_state will translate to emergency state. |
Core Parameters
Name |
Type |
Default Value |
Explanation |
hazard_recovery_timeout |
double |
5.0 |
The vehicle can recovery to normal driving if emergencies disappear during hazard_recovery_timeout . |
use_emergency_hold |
bool |
false |
If it is false, the vehicle will return to normal as soon as emergencies disappear. |
use_emergency_hold_in_manual_driving |
bool |
false |
If this parameter is turned off, emergencies will be ignored during manual driving. |
emergency_hazard_level |
int |
2 |
If hazard_level is more than emergency_hazard_level, autoware state will translate to emergency state |
The parameter key should be filled with the hierarchical diagnostics output by diagnostic_aggregator. Parameters prefixed with required_modules.autonomous_driving
are for autonomous driving. Parameters with the required_modules.remote_control
prefix are for remote control. If the value is default
, the default value will be set.
Key |
Type |
Default Value |
Explanation |
required_modules.autonomous_driving.DIAGNOSTIC_NAME.sf_at |
string |
"none" |
Diagnostic level where it becomes Safe Fault. Available options are "none" , "warn" , "error" . |
required_modules.autonomous_driving.DIAGNOSTIC_NAME.lf_at |
string |
"warn" |
Diagnostic level where it becomes Latent Fault. Available options are "none" , "warn" , "error" . |
required_modules.autonomous_driving.DIAGNOSTIC_NAME.spf_at |
string |
"error" |
Diagnostic level where it becomes Single Point Fault. Available options are "none" , "warn" , "error" . |
required_modules.autonomous_driving.DIAGNOSTIC_NAME.auto_recovery |
string |
"true" |
Determines whether the system will automatically recover when it recovers from an error. |
required_modules.remote_control.DIAGNOSTIC_NAME.sf_at |
string |
"none" |
Diagnostic level where it becomes Safe Fault. Available options are "none" , "warn" , "error" . |
required_modules.remote_control.DIAGNOSTIC_NAME.lf_at |
string |
"warn" |
Diagnostic level where it becomes Latent Fault. Available options are "none" , "warn" , "error" . |
required_modules.remote_control.DIAGNOSTIC_NAME.spf_at |
string |
"error" |
Diagnostic level where it becomes Single Point Fault. Available options are "none" , "warn" , "error" . |
required_modules.remote_control.DIAGNOSTIC_NAME.auto_recovery |
string |
"true" |
Determines whether the system will automatically recover when it recovers from an error. |
Assumptions / Known limits
TBD.