What are technical reasons for criticisms of ROS's Reliability/Robustness/Safety?

asked 2019-03-04 08:39:45 -0500 by TBD, updated 2019-03-04 09:46:08 -0500

A criticism I have found against ROS is that it is lacking reliability/robustness, or that it is not suitable for safety-critical systems, specifically in industrial/commercial contexts, but this is often just stated and is not accompanied by any evidence or specific technical examples of why this is the case. I have tried to research this but it does not seem to be very well documented.

The main points I have been able to find are: unreliability of TCP-based transport, and a few complaints of resource leaks and thread-safety issues.

For instance, one of ROS-Industrial's aims (http://wiki.ros.org/Industrial) is to 'Develop robust and reliable software that meets the needs of industrial applications'. The implication there would be that regular ROS is not sufficiently robust and reliable for industrial application?

I also see a number of answers to posts that suggest ROS is not suitable for robots that need to run 24/7 due to reliability issues.

Could anyone point me towards sources that go into more detail on these issues or does anyone know what specific issues there are that contribute to reliability problems?

EDIT: Additionally, I know that transport reliability should be improved (if it was actually a problem) in ROS 2 by the quality of service settings from DDS and the change to UDP, and also that the change to not include a master removes the reliability issues of that crashing (which is actually partly an answer to my original question that I didn't think of when asking it...), but otherwise I would be equally interested in answers concerning ROS 2 as ROS 1.


Comments

You tagged this with ROS1 but also with ardent, which is a ROS 2 release name.

Are you looking for answers for specific ROS versions, or more of a general statement?

gvdhoorn (2019-03-04 09:12:23 -0500)

Yes, I was looking for more general comments. The instructions when posting said that you should include the distribution as a tag, so I just picked one in hopes of avoiding any automatic moderation. I shall amend the tags.

TBD (2019-03-04 09:33:38 -0500)

2 Answers

answered 2019-10-30 22:10:43 -0500 by ahendrix

To expand on the previous answer a bit: the industrial, automotive and aerospace communities have standards for the development of safety-critical software (IEC 61508, ISO 26262, DO-178, MISRA and others).

When writing software for a safety-critical application in one of these fields, all software and libraries that are used should be certified to the standard that is appropriate for that field. The authors of safety-certified libraries have substantial documentation which shows that the library was certified to the appropriate standard. (Creating this documentation is expensive, which is why library authors usually charge high licensing fees.)

ROS 1 was not developed to any of these standards, and does not have any of the documentation that could show that it is suitable for use in a safety-critical system. Further, ROS 1 depends on many libraries which were not developed to these standards either. This would make getting a safety certification for ROS 1 rather difficult.

ROS 2 is based on DDS, and there are some companies which sell safety-certified versions of DDS. A safety-certified version of ROS 2 is therefore possible. I believe Apex.AI is working on a version of ROS 2 that is or will be certified to ISO 26262 for automotive applications.

answered 2019-10-30 15:50:15 -0500 by swsllc

Those who make claims are responsible for providing evidence. If you claim any safety attributes for ROS, please provide evidence. The lack of any systemic safety evaluation, the lack of a functional hazard assessment, and the lack of evidence of any safety integrity level (SIL) as in the IEC 61508 family make ROS unfit for use in safety-critical systems.
