E-Stop
Spot provides both a hardware and a software E-Stop. The hardware E-Stop button is found at the rear of the Spot chassis, and provides a physical button to press which will cause Spot to cut power to its motors.
Similar functionality is provided by the software E-Stop. The functionality of the Spot software E-Stop is outlined in Boston Dynamics' documentation and is briefly summarized below:
Summary of Spot E-Stop Logic
The E-Stop configuration must be configured prior to using Spot. The configuration defines a set of E-Stop "Endpoints" which Spot expects to be in regular communication with, in order to allow the motors to be powered on. As an example, a configuration might require just a single endpoint: this is the case when you use the Boston Dynamics tablet to control Spot. Alternatively, a configuration may require both the Rocos Agent and another payload client be present.
Once the E-Stop configuration is set, clients (such as the Boston Dynamics Spot Tablet, or the Agent) must register themselves with Spot. During registration, each client assumes a "Role", which corresponds to one of the required Endpoints defined in the configuration. Once registered, each client must set its individual E-Stop level to "NONE" (as opposed to "CUT" which would indicate a request to cut motor power). Until all required Endpoints have been registered, and all registered clients set their E-Stop level to "NONE" , the overall E-Stop level that Spot's system sees is "CUT", meaning the motors will not be allowed to power on.
Rocos Agent E-Stop Functionality:
Because of the aforementioned E-Stop logic, the behaviour which occurs in the Agent's Spot component when the service call /spot/estop/register() is invoked, is determined by two factors:
- E-Stop Agent settings: these can be edited in the Agent Settings Tab in the Portal. Information on these settings can be found here.
- The E-Stop configuration currently on Spot.
The following steps outline the logic taken to register an endpoint based on these two variables.
This behaviour allows the Agent to both control a Spot robot on its own, and also to interoperate with other third-party E-Stop clients as part of a more comprehensive safety system. Since the E-Stop configuration is critical for ensuring that all parts of an E-Stop "chain" are able to stop Spot if necessary, it is important that no unexpected alterations to the E-Stop configuration are made. The Agent avoids altering the E-Spot configuration unless absolutely necessary, preferring instead to assume roles in the existing configuration. If necessary, the Agent may be configured to never perform changes to the Spot E-Stop configuration: in this case the E-Stop configuration must be managed by a third-party client, but any potential for E-Stop mis-configuration is eliminated.
Data Model
The live data viewer shows the E-Stop services and telemetry available. The image below provides a snapshot of this.
Services
register: call this to register the Agent as an E-Stop endpoint.deregister: call this to deregister the Agent as an E-Stop endpoint.ESTOP: call this to sit Spot down and cut motor power.reset: call this after callingESTOPto reset the E-Stop status so that Spot will once again accept commands.
Telemetry
config: The E-Stop configuration defined on Spot. This outlines the number of E-Stop endpoints required before Spot will accept commands. It also outlines the roles of each endpoint.status: The current E-Stop system status of Spot. This includes the currently registered E-Stop endpoints and the overall E-Stop status of Spot (e.g. whether or not motor power has been cut).lastRegistrationTimestamp: The unix epoch timestamp in nanoseconds for the last point in time that the Agent registered itself as an E-Stop endpoint.registered: A boolean message (true/false) showing whether or not the Agent is currently registered as an E-Stop endpoint.