


Hazard Analysis and Risk Assessment (HARA) are two complementary techniques for functional safety design. HARA techniques enable the identification of possible hazards for a system or its environment, the evaluation of the risks and the conception or selection of alternative design solutions to mitigate the risks to an acceptable level.

Here we use the term “Task-Based HARA” because HARA techniques are applied to a robotic behavior specification. Indeed, the term "Task-Based" conforms to the vocabulary of the RobMoSys methodology, where the robotic behavior coordination concern spans across the task and skill abstraction levels.

Behavior Specification

Papyrus for Robotics provides a viewpoint for behavior designers, based on the behavior tree (BT) representation. The BT can be modeled directly in Papyrus, so that it can be easily linked with additional models representing complementary concerns, like safety, resource allocation and real-time properties.

The following picture shows the BT model for a robot that picks a stack of paper from a printer and places it in a deposit.


Because the printer paper is not easy to manipulate, the task demands the execution of specific procedures to initialize and prepare the robot (picture's left side). The actual pick-and-place task description (picture's right side) prescribes a set of robot movements to enter and exit the printer and deposit spaces (these spaces are known and assigned as input parameters to the BT leaves representing concrete actions). To pick and place the stack of paper, the robot opens and closes its gripper, respectively.

Task-Based HARA

Task-Based HARA is performed following ISO 10218-2:2011. For each action in the behavior tree, we list all the relevant hazards and compute their risk index. The risk analysis table structure is extracted from ISO/TR 14121-2:2007. It contains the following information: Task, Hazard, Origin, Hazardous situation, Hazardous event, Possible harm, Occurrence, Avoidance, Frequency, Severity, Criticality.


After computing the risk criticality, the safety engineer provides risk reduction measures for each hazard associated with an action.


Behavior Execution

After the risk reduction measures are put in place by system and safety engineers, the behavior can finally be deployed onto the real robotic platform and executed.


The current implementation leverages the results of the MOOD2BE Integrated Technical Project (ITP) from the RobMoSys first open call. It exports the BT Papyrus model to an XML model that conforms to MOOD2BE's XSD. A sequencer component is then generated, which embeds MOOD2BE's execution engine.
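
A coverage check tying an exported BT back to the HARA table, as an added example that is not part of Papyrus for Robotics or MOOD2BE: it lists every action leaf and reports actions with no hazard row, hazards with no risk reduction measure, and rows naming a task absent from the tree. The XML layout (BehaviorTree.CPP-style `Action` elements), the action names, the hazard rows and the `Measure` field are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample tree. The BehaviorTree.CPP-style layout is an assumption;
# a real export follows the MOOD2BE XSD.
BT_XML = """<root main_tree_to_execute="PickAndPlace">
  <BehaviorTree ID="PickAndPlace">
    <Sequence name="pick_and_place">
      <Action ID="MoveTo" name="enter_printer_space"/>
      <Action ID="Gripper" name="grip_paper"/>
      <Action ID="MoveTo" name="exit_printer_space"/>
      <Action ID="MoveTo" name="enter_deposit_space"/>
      <Action ID="Gripper" name="release_paper"/>
    </Sequence>
  </BehaviorTree>
</root>"""

# Constructed HARA rows: a subset of the table columns plus a hypothetical
# "Measure" field holding the risk reduction measure.
HARA_ROWS = [
    {"Task": "enter_printer_space", "Hazard": "Crushing", "Criticality": "High",
     "Measure": "Reduced speed near the printer"},
    {"Task": "grip_paper", "Hazard": "Pinching", "Criticality": "Medium",
     "Measure": ""},
    {"Task": "enter_deposit_space", "Hazard": "Impact", "Criticality": "High",
     "Measure": "Protective stop on contact"},
    {"Task": "dock_robot", "Hazard": "Impact", "Criticality": "Low",
     "Measure": "Audible warning"},
]

def bt_actions(xml_text):
    """Return the name of every action leaf, in document order."""
    root = ET.fromstring(xml_text)
    return [node.get("name") or node.get("ID") for node in root.iter("Action")]

def hara_gaps(xml_text, rows):
    """Cross-check the tree against the HARA table and return the gaps."""
    actions = bt_actions(xml_text)
    analysed = {row["Task"] for row in rows}
    return {
        # Actions for which no hazard has been listed at all.
        "unanalysed": [a for a in actions if a not in analysed],
        # Hazards recorded without a risk reduction measure.
        "unmitigated": [(r["Task"], r["Hazard"]) for r in rows
                        if not r.get("Measure", "").strip()],
        # Rows naming a task that is not (or no longer) in the tree.
        "orphaned": sorted(analysed - set(actions)),
    }

if __name__ == "__main__":
    for kind, items in hara_gaps(BT_XML, HARA_ROWS).items():
        print(f"{kind}: {items}")
```

Running such a check before deployment catches a tree that was edited after the risk analysis was completed.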
