Safety Assurance for the Efficient Cooperation of Autonomous Mobile Robots and Human Workers in Shared Spaces

Industry: Automotive & Mobility, Commercial Vehicles / August 30, 2022

Success Story Hitachi Ltd.: Fraunhofer IESE supported Hitachi in the development of Safety Assurance for the Efficient Cooperation of Autonomous Mobile Robots and Human Workers in Shared Spaces

Autonomous Systems, Fraunhofer IESE — © iStock.com/metamorworks/Fraunhofer IESE

Last modified: August 30, 2022

Hitachi Ltd. Success Story at a glance

What it's all about:
Safety Assurance of autonomous mobile robots in smart logistics applications

The Challenge:
Optimal balance between performance and guaranteed safety in dynamic environments

The Support:
Together with Hitachi, Fraunhofer IESE develops a model-based safety assurance methodology based on Conditional Safety Certificates (ConSert) and situation-aware dynamic risk assessment (SINADRA)

The result:
Successful extension and safeguarding of the existing Hitachi runtime safety component

The Benefits:
Improved performance of the system without compromising safety by leveraging contextual knowledge

Safety Assurance of autonomous mobile robots in smart logistics applications

Cooperative cyber-physical systems (CPS) harbor enormous potential for societal improvement in terms of safety, comfort, and economic efficiency. This is particularly true for CPS used in Industry 4.0 or smart logistics. However, CPS functions will only find their way into operation if their intended benefit can be rendered safely. Especially in areas with high environmental dynamics and shared spaces, where humans and machines operate simultaneously, achieving this goal is tough. As a global manufacturer and solutions provider of cyber-physical systems, Hitachi develops cutting-edge safety technologies that can help shape the future of CPS businesses. The goal of these technologies is to achieve optimal performance and arguable safety at the same time.

Optimal balance between performance and guaranteed safety in dynamic environments

Hitachi approached Fraunhofer IESE for a method transfer project with the aim of increasing the performance of an existing runtime safety mechanism, which dynamically assures collision avoidance between humans and Autonomous Mobile Robots (AMRs). The associated challenges were:

Systematic analysis of target use case and CPS variability to identify the features with the highest performance increase potential
Interface formalization of a runtime safety component for easy integration into different target applications, CPS, and environments
Dealing with the limited predictability of human behavior in the vicinity of AMRs
Providing a set of continuously traceable safety engineering artifacts to facilitate building a safety case, especially in domains for which existent standards for highly automated operation do not exist yet or are insufficient

The research questions addressed were (Figure 1):

What do systematic engineering and assurance methods for dynamic CPS safety concepts look like that improve flexibility/efficiency in smart logistics for rule updates while guaranteeing safety?
How to systematically define dynamic rule models based on situation-aware behavior variability?
How to make dynamic rule models executable safely and flexibly in a distributed CPS environment?

Hitachi Ltd. Success Story, Fraunhofer IESE — © Fraunhofer IESE

Together with Hitachi, Fraunhofer IESE develops a model-based safety assurance methodology based on Conditional Safety Certificates (ConSert) and situation-aware dynamic risk assessment (SINADRA)

The underlying solution principle is to replace static worst-case assumptions typically used for safety design with dynamic safety reasoning capabilities that exploit the knowledge about the specific situation the AMR is currently in. Systems are to monitor relevant properties of themselves and their context, project these properties into the future, and reason about their implication on risk.

Figure 1 shows the high-level methodological steps to engineer distributed safety monitoring components that operate based on specific dynamic rule models for the application and the intended operational environment. It starts with the use case description, which is used as context for the development of a behavior safety concept and its refinement through situation-specific behavior causality models modeled during behavior safety analysis. The core output of these processes are actor behavior causality models modeling the influence of the operational situation on (un-)critical behaviors of controllable and uncontrollable actors. Subsequently, the systematic derivation of a service-oriented architecture provides the basis for the definition of an architectural safety concept that realizes the inference of behavior causality models technically. To arrive at Conditional Safety Certificates (ConSerts) as models representing formal component safety interfaces, a service-oriented safety analysis was performed to identify failure modes that need to be addressed by safety requirements. These safety requirements were documented in modular safety concept trees by means of the Goal Structuring Notation. Finally, the dynamic safety concept was formalized with the ConSert syntax by extracting and abstracting runtime-relevant safety requirements and their Boolean relationships. Parts of the runtime elements of the methodology were realized in a technical demonstrator to demonstrate the working principle of the dynamic rule update approach in a simulation environment. An expected benefit analysis was performed for passing and overtaking scenarios.

Dr. Junya Takahashi, Department Manager, Hitachi Ltd. says:

“Through the collaboration with Fraunhofer IESE, we have realized that the developed safety management technology will be the core of the human-machine cooperative CPS. This technology could be one of the key enablers for realizing the autonomous control system in Hitachi’s future business. Many thanks for the great results.”

Dr. Junya Takahashi, Department Manager, Hitachi Ltd. - Fraunhofer IESE — Dr. Junya Takahashi, Department Manager, Hitachi Ltd.

Successful extension and safeguarding of the existing Hitachi runtime safety component

The core result was the definition of a design and assurance process for systematically engineering and executing dynamic safety mechanisms for cyber-physical systems. The resulting runtime safety components dynamically consider environmental influences on system risk and capabilities for optimizing the safety-performance trade-off. To that end, the Fraunhofer IESE reference process for engineering dynamic safety mechanisms, including the technologies Conditional Safety Certificates (ConSert) and situation-aware dynamic risk assessment (SINADRA), was adapted to the Hitachi context. This process was exemplarily executed for a smart logistics application. The resulting runtime component performance evaluation led to a predicted AMR movement time reduction of 20% in scenarios where humans and AMRs move in similar directions in shared spaces. Using the methods developed and applied, future CPS, especially in the smart logistics context, can be realized flexibly with increased efficiency and guaranteed safety.

The model-based engineering approach suggested by Fraunhofer IESE was incorporated successfully into the development project at Hitachi and will be transferred to other development projects in the future. The safeTbox tool developed by Fraunhofer IESE combines all required model-based techniques in one toolbox and facilitated the deployment of the methodology.

Scientific Publication: “Engineering Dynamic Risk and Capability Models to Improve Cooperation Efficiency Between Human Workers and Autonomous Mobile Robots in Shared Spaces” Jan Reich, Pascal Gerber, Nishanth Laxman, Daniel Schneider (Fraunhofer IESE), Takehito Ogata (European R&D Centre, Hitachi Europe), Satoshi Otsuka and Tasuku Ishigooka (R&D Group, Hitachi). Published at: 8th International Symposium on Model-Based Safety Assessment (IMBSA 2022), Munich, Germany.

Dynamic Risk Management in AMR & Human Cooperation: Overtaking Scenario

This video shows a demonstration of a working principle of dynamic risk management techniques in AMR and human cooperation scenarios.

Dynamic Risk Management in AMR & Human Cooperation: Passing Scenario

This video shows a demonstration of a working principle of dynamic risk management techniques in AMR and human cooperation scenarios.

Improved performance of the system without compromising safety by leveraging contextual knowledge

Our competencies

Dynamic assurance techniques to achieve safety and performance for cyber-physical systems through adaptive safety management
Environment variability analysis with respect to risks and required system capabilities
safeTbox – model-based safety engineering tool framework of Fraunhofer IESE for the development and safety assurance of intelligent systems

Your benefits

Improved system performance without deterioration of safety through exploitation of contextual knowledge
Management of complexity with a continuous model-based safety engineering method
Systematic methods to help the customer cope with the impact of increasing degrees of mission complexity, environmental complexity, and independence from humans on the safety-performance tradeoff

Do you have a challenge for us?

Talk to us and benefit from having Fraunhofer as an industry partner! With software-based and digital innovations, we develop customized safety engineering solutions for you.

contact

Hitachi Ltd. Success Story