system_error_monitor
Purpose
Autoware Error Monitor has two main functions.
It is to judge the system hazard level from the aggregated diagnostic information of each module of Autoware.
It enables automatic recovery from the emergency state.
Inner-workings / Algorithms
State Transition
updateEmergencyHoldingCondition Flow Chart
Name
Type
Description
/diagnostics_agg
diagnostic_msgs::msg::DiagnosticArray
Diagnostic information aggregated based diagnostic_aggregator setting is used to
/autoware/state
autoware_auto_system_msgs::msg::AutowareState
Required to ignore error during Route, Planning and Finalizing.
/control/current_gate_mode
tier4_control_msgs::msg::GateMode
Required to select the appropriate module from autonomous_driving
or external_control
/vehicle/control_mode
autoware_auto_vehicle_msgs::msg::ControlModeReport
Required to not hold emergency during manual driving
Output
Name
Type
Description
/system/emergency/hazard_status
autoware_auto_system_msgs::msg::HazardStatusStamped
HazardStatus contains system hazard level, emergency hold status and failure details
/diagnostics_err
diagnostic_msgs::msg::DiagnosticArray
This has the same contents as HazardStatus. This is used for visualization
Parameters
Node Parameters
Name
Type
Default Value
Explanation
ignore_missing_diagnostics
bool
false
If this parameter is turned off, it will be ignored if required modules have not been received.
add_leaf_diagnostics
bool
true
Required to use children diagnostics.
diag_timeout_sec
double
1.0
(sec)
If required diagnostic is not received for a diag_timeout_sec
, the diagnostic state become STALE state.
data_ready_timeout
double
30.0
If input topics required for system_error_monitor are not available for data_ready_timeout
seconds, autoware_state will translate to emergency state.
Core Parameters
Name
Type
Default Value
Explanation
hazard_recovery_timeout
double
5.0
The vehicle can recovery to normal driving if emergencies disappear during hazard_recovery_timeout
.
use_emergency_hold
bool
false
If it is false, the vehicle will return to normal as soon as emergencies disappear.
use_emergency_hold_in_manual_driving
bool
false
If this parameter is turned off, emergencies will be ignored during manual driving.
emergency_hazard_level
int
2
If hazard_level is more than emergency_hazard_level, autoware state will translate to emergency state
The parameter key should be filled with the hierarchical diagnostics output by diagnostic_aggregator. Parameters prefixed with required_modules.autonomous_driving
are for autonomous driving. Parameters with the required_modules.remote_control
prefix are for remote control. If the value is default
, the default value will be set.
Key
Type
Default Value
Explanation
required_modules.autonomous_driving.DIAGNOSTIC_NAME.sf_at
string
"none"
Diagnostic level where it becomes Safe Fault. Available options are "none"
, "warn"
, "error"
.
required_modules.autonomous_driving.DIAGNOSTIC_NAME.lf_at
string
"warn"
Diagnostic level where it becomes Latent Fault. Available options are "none"
, "warn"
, "error"
.
required_modules.autonomous_driving.DIAGNOSTIC_NAME.spf_at
string
"error"
Diagnostic level where it becomes Single Point Fault. Available options are "none"
, "warn"
, "error"
.
required_modules.autonomous_driving.DIAGNOSTIC_NAME.auto_recovery
string
"true"
Determines whether the system will automatically recover when it recovers from an error.
required_modules.remote_control.DIAGNOSTIC_NAME.sf_at
string
"none"
Diagnostic level where it becomes Safe Fault. Available options are "none"
, "warn"
, "error"
.
required_modules.remote_control.DIAGNOSTIC_NAME.lf_at
string
"warn"
Diagnostic level where it becomes Latent Fault. Available options are "none"
, "warn"
, "error"
.
required_modules.remote_control.DIAGNOSTIC_NAME.spf_at
string
"error"
Diagnostic level where it becomes Single Point Fault. Available options are "none"
, "warn"
, "error"
.
required_modules.remote_control.DIAGNOSTIC_NAME.auto_recovery
string
"true"
Determines whether the system will automatically recover when it recovers from an error.
Assumptions / Known limits
TBD.