Dynamic Safety Fields for AMRs

Safety is one of the biggest challenges when building Autonomous Mobile Robots (AMRs). In this article, we discuss what navigation safety means in the context of mobile robotics and how you can ensure it with so-called dynamic safety fields.

November 2023
min read
Jaco Theunissen
Robotics Tech Specialist
Autonomous Driving
Share this post

Safety is one of the biggest challenges when building Autonomous Mobile Robots (AMRs). In this article, we discuss what navigation safety means in the context of mobile robotics and how you can ensure it with so-called dynamic safety fields.

From warehouse logistics to production processes, Autonomous Mobile Robots (AMRs) are on the rise across all industries. AMRs are different from the more traditional Automated Guided Vehicles (AGV)s. Where AGVs are ‘guided’ precisely on predefined routes, AMRs are enabled through improved sensor technologies and navigation algorithms, to move freely and decide its path.

Enabling robots to move autonomously through a complex and dynamic environment is not a trivial task. A pivotal component of this is navigation safety. These industries often represent fast-paced environments with dangerous machinery. Although improved throughput and uptime are profitability drivers, the possibility of taking people out of hazardous environments and replacing them with robots is an extremely inviting prospect. Nevertheless, the robots in this environment still need to be safe! In this article, we’ll explore what navigation safety actually is, extract a motivation from sample scenarios, and finally explore our solution to this.

What is Navigation Safety?

As children learn to walk they bump into things all the time. The average adult, for the most part, can avoid collisions. It is a fundamental skill for any moving system to avoid collisions, especially when that system is racing a 1t payload down a factory corridor. One could suggest that a moving system would be safe if it stops if anything gets close, perhaps within 10m. But what if the object is a car speeding down the autobahn?

Safety is not simply: “Stop if anything is close”. When driving on the motorway, the faster you drive, the bigger the distance between cars must be. Additionally, we’re also taught to acknowledge that trucks, or vehicles with larger momentum tend to take longer to brake and thus have bigger stopping distances. So even at the same speed, you try to give them more space. Thus the exact meaning of “close” becomes ambiguous as it depends both on what you are, and what moving around you.

Safety is not simply: “Stop if anything is close”.

When driving down a highway, you’re going fast, so you need a good distance to the car ahead, however, since everyone is driving straight, the car in the next lane can be really close. Nevertheless, a perfectly safe arrangement. The direction of safety is, therefore, not a circle. If the car ahead was to brake, and we were too close to brake in time, we are responsible as we had an unsafe following distance. If the car next to us decides to crash into our lane and cause an accident, we cannot be accused of being unsafe. When thinking about collisions, safety could be “being able to avoid collisions given reasonable expectations are met within a scenario.”

Safety could be: “Being able to avoid collisions given reasonable expectations are met within a scenario.”

Safety in the Context of AMRs

When we look at AMRs, safety is related to the dynamic properties of the robot itself. In order for an AMR to stop before hitting the wall, it needs to know its current speed, how fast it can brake, and from this and other factors, like the stopping distance. Children, who don’t yet know their own dynamic properties, tend to bump into things all the time! This covers the “being able to avoid collisions” part. But this is not simply mathematics, this is an embodied, moving, complex system. It needs to be robust.

There are industry-standard products and solutions that are inherently tested and independently verified as safety critical. For mobile robotics, we can find this in SICK laser scanners. These scanners provide the ability to engage the brakes of the system when objects get close, or in other words, when the safety field is violated. This comes a long way in dealing with the first aspect of safety. If we know how quickly a robot can brake, we can create these safety fields to ensure we can brake in time. But as mentioned before, there’s the second part. The “…given reasonable expectations are met within a scenario”.  Sometimes a car is on the highway, sometimes it is in a parking lot. Sometimes an AMR is driving down a straight corridor, sometimes it is coming around a blind corner. The same AMR operates in different scenarios at different speeds, which means we need to have multiple, different, safety fields.

Why Saftey for AMRs Gets Difficult

Two reasons:

1. One can’t simply say that the dynamic safety field should change based on the current speed of the autonomous robot. How would we know if it is safe to accelerate? As the AMR speeds up, the field grows. But if on expanding the field, an obstacle is now within the expanded field, it is now too late to brake in time. It has driven itself into an unsafe situation. In other words, the safety field should determine the possible speeds, not the other way around!

2. One can’t simply restrict speeds at the safety layer. The navigation system plans a path to the goal with a given system description, how fast can it turn, how fast can it decelerate, etc. If the safety layer decides to restrict angular velocity without the planner knowing, it could be unable to execute the intended curve and drive itself off the path, or fail to turn sharp enough to dock under a trolley, or worse, think it can speed past and avoid and oncoming obstacle. The safety field restricting the speed here would inadvertently cause the robot to put itself on a collision course.

Our Solution: Dynamic Safety Fields

What we thus are looking to achieve is firstly an AMR that can navigate safely. We additionally want an autonomous robot that is operating at the maximum possible speed given a scenario. If we always drive at the slowest speed possible, yes, this would be safe, but the factory throughput would be low. It would not be able to carry as many trolleys in a shift. It needs to be efficient!

The solution space below explores first our decision to have a dedicated safety component which is responsible for toggling between the safety fields (not that the current speed simply dictates the fieldset!). We then look at the planner and what information it needs in order to plan a path that ensures it has good knowledge of the system “being able to avoid collisions” and a good idea of the scenario “…given reasonable expectations are met within a scenario.” We then explain the subtle interplay between the two components and finally put everything together and show an overview of the entire system.

We also wanted to build an architecture that is decoupled. In other words, it should be planner-independent, or safety layer-independent. If the technical solution should improve in either component, we shouldn’t have to re-engineer the entire system.

Safety Fieldset Management

There are multiple safety fieldsets. Each fieldset contains three geometries (Warning Field 2, Warning Field 1, and Protective Field) as well as corresponding dynamic constraints. Simply said, the bigger the fieldset, the faster the AMR is allowed to go. When moving in tight corners, we keep the AMR slow.

At any point, a single fieldset is considered as being active. We receive information from the laser scanners to about whether any of the three fields of the fieldset are currently triggered. If the protective field is triggered, the brakes are immediately engaged. Additionally, the dynamic constraints of the fieldset are enforced. However, for general navigation, we can expect that at warning field 1, warning field 2 or none might be triggered.

If warning field 1 is triggered, we impose additional velocity constraints on the robot and start reducing the speed. If we immediately reduce the fieldset to a smaller field, the velocity at that time might exceed the dynamic limitations of the lower fieldset, which would trigger the brakes. Thus we slowly reduce the speed until we are within the accepted bounds of the lower fieldset. If warning field 2 is triggered, we maintain the current fieldset. This is a comfortable and safe level of operation! If none of the fields are triggered, it indicates that the area is more clear than how we are currently operating, and thus we would increase the fieldset to a bigger one.

Constraint Informed Path Planning

The planner is then responsible for taking a general target path and computing a trajectory. This trajectory is comprised of velocity commands for each motor. The planner is considered “dynamic” in the sense that it receives as an input the current dynamic safety constraints and the current robot state.  This ensures that the planned autonomous robot trajectory is both:

  • Realistic and possible for the current robot to execute
  • Fits within the safety limitations and won’t head into danger

Switching Down

If the safety checker shows that warning field 1 is triggered, the AMR should slow down and move to a lower safety field. How this happens is incredibly subtle. The planner is still given the acceleration and deceleration constraints of the current safety fieldset. Speed reduction happens through incremental clipping of the velocity commands before it reaches the motors.

The velocity limit is slowly reduced to match the current measured velocity. By slowly and incrementally reducing the current velocity constraint on the planner and holding the acceleration and deceleration constraints the same, this ensures a smooth and controlled deceleration. It also means that each planning iteration will have only small differences and thus continuous planning iterations maintain a small computational footprint. Once the velocity is low enough to satisfy the lower fieldset, the currently active fieldset is reduced to the lower fieldset.

Putting it all together

We see finally that the dynamic planner takes inputs from the safety layer, first, it receives the current safety fieldset such that the planner can ensure that its path is safety constraint compliant. It also gets informed if it should be clipping the speed before passing it along to the motors.

Build Safe AMRs

Navigation safety is a deceptively loaded problem. Dynamic safety fields are an essential tool for ensuring safe motion and also maximizing throughput, as opposed to driving purely at the lowest speed! While there remains a good place for AGVs, the rise in AMRs is well justified but their additional challenges should not be overlooked. Get in touch with us to get a bigger picture and see if there is a business case for you. The AMR shown above was also built from the ground up, completely in-house, here at Motius. If you’re looking into AMRs, we’re happy to meet you at your stage in the journey, wherever that happens to be, and build something great (and safe) together.

Ready to Start?

Let's get connected and start a project together.

Working in a Tech Company | Motius