Open szmoore opened 11 years ago
As the project progressed it became clear that we really couldn't do that much in software. We should keep this open though.
Currently there are "sanity checks" which may be implemented for sensors and actuators. If a sensor fails the sanity check, the experiment is stopped. An actuator thread will simply refuse to set the value. The appropriate actions to ensure the system is safe need to be placed in the "cleanup" functions of each device.
We need to work with all other teams to identify safety issues. We need to consider mechanisms where the software controls hardware, but also mechanisms that can be implemented in software alone.
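The behaviour described in this issue, sketched in C as an added example (not the project's own code): a failed sensor check stops the experiment and runs every device's cleanup, while a failed actuator check only refuses the value. The `Device` struct, all function names and the numeric limits are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical device entry; field and function names are illustrative only. */
typedef struct {
    const char *name;
    bool (*sanity)(double value);  /* false means the value is unsafe */
    void (*cleanup)(void);         /* puts the hardware into a safe state */
    double last_set;               /* actuators: last accepted value */
} Device;

static int cleanups_run = 0;
static bool experiment_running = false;

/* Constructed limits. Range tests written this way also reject NaN. */
static bool pressure_sane(double kpa) { return kpa >= 0.0 && kpa <= 500.0; }
static bool valve_sane(double duty)   { return duty >= 0.0 && duty <= 1.0; }
static void pressure_cleanup(void) { cleanups_run++; }
static void valve_cleanup(void)    { cleanups_run++; /* e.g. drive the valve closed */ }

static Device sensors[]   = { { "pressure", pressure_sane, pressure_cleanup, 0.0 } };
static Device actuators[] = { { "valve", valve_sane, valve_cleanup, 0.0 } };

/* Stop the experiment and run each device's cleanup exactly once. */
void experiment_stop(void) {
    if (!experiment_running) return;
    experiment_running = false;
    for (size_t i = 0; i < sizeof sensors / sizeof *sensors; i++) sensors[i].cleanup();
    for (size_t i = 0; i < sizeof actuators / sizeof *actuators; i++) actuators[i].cleanup();
}

void experiment_start(void) { experiment_running = true; cleanups_run = 0; }

/* Sensor path: a failed sanity check stops the whole experiment. */
bool sensor_report(Device *s, double value) {
    if (!experiment_running) return false;
    if (!s->sanity(value)) { experiment_stop(); return false; }
    return true;
}

/* Actuator path: an unsafe request is refused and the experiment continues. */
bool actuator_set(Device *a, double value) {
    if (!experiment_running || !a->sanity(value)) return false;
    a->last_set = value;
    return true;
}
```

Once the experiment has stopped, `actuator_set` rejects every request, so a late actuator thread cannot undo what the cleanup functions did.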