[ros-users] [Discourse.ros.org] [Next Generation ROS] Design By Contract

fkromer ros.discourse at gmail.com
Wed Sep 27 09:09:15 UTC 2017



[quote="asmodehn, post:23, topic:2405"]
Actually I do mean multiprocess. But I do not mean "We cannot make it work/do what we want" or even "We cannot make it do what we want all the time". I mean "We cannot be sure that it will never do things that weren't intended."

And I know for a fact that there are more robots out in the world, doing unexpected dangerous things, because they weren't programmed with total safety in mind, than most people know about. All it takes is an unchecked integer to wrap around, and disaster strikes in the real world. Make it distributed, and the disaster likeliness increases exponentially.

So sure we can build robots, and distributed systems, but when it comes to a robot that can poke the eye of a child because it looks like it's a button to press, it's different than a harmless backend database cluster in the basement, so you'd better be sure of what you're programming, and for distributed systems (multiprocess) the theory is quite new, so most languages/frameworks won't help you there.
[/quote]

I cannot visualize a possible bad-case situation better than you did (I have to remember that one for the future). However, even if you are working in an environment where your work could potentially lead to disastrous situations, you should change your mindset from "prevent/find every bug" (which could lead to something like a displaced child's eye for sure, but which cannot be prevented with 100% probability for sure as well) to "become better at preventing/finding the most important bugs"... better than suffering a depression.

[quote="asmodehn, post:23, topic:2405"]
Definitely yes, but instead of adding potentially heavy features, without being sure they will be used and maintained, I would first focus on doing what https://jepsen.io/ does, that is, provide tools that show people working in robotics what and where the problems are in the system they build.
[/quote]

Thanks for that hint.

[quote="asmodehn, post:23, topic:2405"]
Make anyone (including their customers) able to break it, and then they react and some might listen.
[/quote]

Good to not provide a USB port...

[quote="asmodehn, post:23, topic:2405"]
I would also agree there. You can always send a PR to add the test nodes you miss to rostest, and discuss it with the maintainers :)
And you can also write a package for the specific nodes you need. I started doing that for my own needs in https://github.com/pyros-dev/pyros-test1.
[/quote]

I am not going to PR into ROS1 ;) Right now I am fine with a fork of ros_comm/rostest for dummy, fake, spy and mock nodes (in case I consider your package as a template).

[quote="asmodehn, post:23, topic:2405"]
But these days I am thinking we need something more like a ROS Simian Army:

- some package that randomly kills and restarts nodes, probably based on launch files
- some package that randomly sends messages around, like a ros-hypothesis that would generate any valid message based on a ROS definition, to test your nodes against. I have already implemented most of this one, as part of other projects, but I still need to make it a package on its own, whenever I get the time and motivation
- probably a few more
[/quote]

Having something like that would be great.

---
[Visit Topic](https://discourse.ros.org/t/design-by-contract/2405/24) or reply to this email to respond.
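An added example of the "ros-hypothesis" idea from the last quote, tied to the thread's contract theme; it is my illustration, not code from asmodehn, pyros-test1 or rostest. It parses a constructed `.msg` definition (`SUM_MSG`), generates random valid messages for each field's ROS type with the standard-library `random` module in place of hypothesis, and feeds them to a hypothetical node callback (`add_cb`) whose stated postcondition turns the silent int32 wrap-around into a reported contract violation.

```python
import random
INT_BOUNDS = {  # value ranges of the ROS built-in integer types (constructed from the .msg type spec)
    "int8": (-2**7, 2**7 - 1), "uint8": (0, 2**8 - 1), "int16": (-2**15, 2**15 - 1),
    "uint16": (0, 2**16 - 1), "int32": (-2**31, 2**31 - 1), "uint32": (0, 2**32 - 1),
    "int64": (-2**63, 2**63 - 1), "uint64": (0, 2**64 - 1),
}
SUM_MSG = "int32 a  # left operand\nint32 b  # right operand\n"  # constructed .msg definition

def parse_msg(definition):  # .msg text -> [(type, name)]; comments, blank lines and constants skipped
    fields = []
    for line in definition.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and "=" not in line:
            typ, name = line.split()[:2]
            fields.append((typ, name))
    return fields

def random_message(fields, rng):  # one message dict, every field a valid value of its ROS type
    msg = {}
    for typ, name in fields:
        if typ in INT_BOUNDS:
            lo, hi = INT_BOUNDS[typ]
            msg[name] = rng.choice([lo, hi, rng.randint(lo, hi)])  # bias toward the type's edges
        elif typ in ("float32", "float64"):
            msg[name] = rng.uniform(-1e6, 1e6)
        elif typ == "bool":
            msg[name] = rng.random() < 0.5
        else:
            raise ValueError("unsupported field type: " + typ)
    return msg

class ContractViolation(AssertionError):
    """A node callback broke one of its stated pre/postconditions."""
def add_cb(msg):  # hypothetical node callback publishing a + b as int32; postcondition: fits int32
    total = msg["a"] + msg["b"]
    lo, hi = INT_BOUNDS["int32"]
    if not lo <= total <= hi:  # the "unchecked integer wrap-around" made explicit instead of silent
        raise ContractViolation(f"a + b = {total} does not fit int32 (a={msg['a']}, b={msg['b']})")
    return total

def fuzz_node(callback, definition, runs=200, seed=0):  # first message breaking the contract, else None
    fields = parse_msg(definition)
    rng = random.Random(seed)
    for _ in range(runs):
        msg = random_message(fields, rng)
        try:
            callback(msg)
        except ContractViolation:
            return msg
    return None
```

Running `fuzz_node(add_cb, SUM_MSG)` returns a pair of perfectly valid int32 inputs whose sum does not fit the output type, which is exactly the kind of case a node only finds in the field without such a harness.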

More information about the ros-users mailing list