Robot Controller Manager

1. Safe, two-layered emergency stop procedure

Rocoma distinguishes between three types of controllers:

  • Controllers:
    These are the robot controllers. Some of them are very complex and are likely to throw exceptions or return false.
  • Emergency Controllers:
    These controllers are designed to react to emergency stops/errors, but they cannot handle every error state.
  • Failproof Controllers:
    A failproof controller must provide meaningful actuator commands in every state and thus can never fail.

[Figure: Two-layered emergency stop procedure]

If a controller returns false or throws an exception, the corresponding emergency controller is activated. Emergency controllers provide a fast initialization function which does not introduce timing problems. Two controllers can share an emergency controller (Controller B, Controller C). A controller can also declare no emergency controller (Controller D), in which case the failproof controller is used directly. When an emergency controller fails, the failproof controller is activated.
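The fallback chain described above, sketched as an added example (not Rocoma's code): `Manager`, `Step`, `Table`, `advance()` and `demo()` are hypothetical names, and running the emergency controller in the same step in which the controller fails is an assumption of this sketch.

```cpp
#include <functional>
#include <map>
#include <stdexcept>
#include <string>

// Hypothetical types for illustration; not Rocoma's classes or API.
using Step = std::function<bool()>;  // false or an exception means failure
using Table = std::map<std::string, Step>;
struct Manager {
  enum class Layer { Controller, Emergency, Failproof };
  Table controllers, emergencies;
  std::map<std::string, std::string> emergencyOf;  // optional per controller
  std::string active;
  Layer layer = Layer::Controller;
  // Run one step; unknown names and exceptions count as failure.
  static bool run(const Table& t, const std::string& name) {
    auto it = t.find(name);
    if (it == t.end()) return false;
    try { return it->second(); } catch (...) { return false; }
  }

  // Returns the name of the controller whose command is used this step.
  std::string advance() {
    if (layer == Layer::Controller) {
      if (run(controllers, active)) return active;
      auto it = emergencyOf.find(active);
      if (it == emergencyOf.end()) layer = Layer::Failproof;  // none declared
      else { active = it->second; layer = Layer::Emergency; }  // first layer
    }
    if (layer == Layer::Emergency) {
      if (run(emergencies, active)) return active;
      layer = Layer::Failproof;  // second layer: emergency controller failed
    }
    return "failproof";  // must yield a command in every state
  }
};

// Constructed scenario: B and C share emergency controller E_BC, D has none.
Manager demo(const std::string& start, bool emergencyOk) {
  Manager m;
  m.controllers = {{"A", [] { return true; }}, {"C", [] { return false; }},
                   {"D", [] { return false; }},
                   {"B", []() -> bool { throw std::runtime_error("fault"); }}};
  m.emergencies = {{"E_BC", [emergencyOk] { return emergencyOk; }}};
  m.emergencyOf = {{"B", "E_BC"}, {"C", "E_BC"}};
  m.active = start;
  return m;
}
```

Once the manager has dropped to a lower layer it stays there in this sketch; returning to a regular controller would go through the switching procedure of section 2.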

2. Switching between different roco controllers

The procedure described in the following table guarantees safe switching between controllers.

Switch from ctrl1 to ctrl2

Pseudocode                         Explanation
ctrl1.preStop()                    Stop non-core functionality (e.g. ROS communication).
while(ctrl2.isBeingStopped()){}    Wait if ctrl2 is being stopped in another thread.
ctrl2.initializeController(dt)     Initialize ctrl2.
switchController(ctrl2)            Switch active controller to ctrl2.
ctrl1.stop()                       Completely shut down ctrl1.

3. Multi-threaded features

Parallelize controller stopping on emergency stop:

When an emergency stop occurs, the active controller has to be pre-stopped and later stopped. These processes can last longer than one timestep, so they are performed in parallel. Of course, this implies that we cannot switch back to that controller while this thread is running.

Parallelize controller switching:

Initialization of controllers can take a lot of time, so the switching procedure described above is performed in parallel. The old controller can still advance and provide actuator commands while the new controller is being initialized. This also requires pre-stopping and advancing at the same time to be thread-safe.

4. Run-time controller loading

Using the ROS pluginlib, rocoma provides a plugin mechanism that allows runtime loading of controllers. Rocoma provides macros that greatly simplify the export of controllers as plugins.

5. Emergency stop, controller switching via service call, notification via topic

The rocoma_msgs package contains all the messages and services that the ROS-dependent controller manager provides.

To get started, refer to the How To.