Add VDA5050 Safety State Broadcaster

[YaraShahin]

This Pull Request introduces the VDA5050 Safety State Broadcaster, a controller for publishing safety state information in ROS 2. The broadcaster reads safety-related state interfaces from hardware and exposes them in standardized ROS messages, as defined by the VDA5050 standard, for easy integration with VDA5050-based fleet management systems, safety monitoring, and higher-level decision-making nodes.

Dependency: This PR depends on control_msgs#266 which introduces the VDA5050SafetyState message.

Features

• Standardized Safety Output: Publishes a control_msgs::msg::VDA5050SafetyState message representing the current safety state of the system: field violation and E-stop status.

• Flexible Interface Support: Reads from configurable state interfaces covering field violation, manual E-stop, remote E-stop, and auto-acknowledged E-stop, ensuring full compatibility with the VDA5050 schema.

• Parameterization: Fully configurable through YAML using generate_parameter_library.

Published Topic

• ~/vda5050_safety_state (control_msgs::msg::VDA5050SafetyState) — publishes the combined safety state: field violation and prioritized E-stop status.

---

Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:

1. Limited scope. Your PR should do one thing or one set of things. Avoid adding “random fixes” to PRs. Put those on separate PRs.
2. Give your PR a descriptive title. Add a short summary, if required.
3. Make sure the pipeline is green.
4. Don’t be afraid to request reviews from maintainers.
5. New code = new tests. If you are adding new functionality, always make sure to add some tests exercising the code and serving as live documentation of your original intention.

To send us a pull request, please:

• Fork the repository.
• Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
• Ensure local tests pass. (colcon test and pre-commit run (requires you to install pre-commit by pip3 install pre-commit)
• Commit to your fork using clear commit messages.
• Send a pull request, answering any default questions in the pull request interface.
• Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.

[christophfroehlich]

First (very superficially) review

[christophfroehlich]

CI fails because of the API breaking changes of the realtime_publisher.

I have a general question, shouldn't we use data_type bool for state_interfaces here? Or at least support both?

[christophfroehlich]

if we stay with double values, should we place this somewhere else? controller_interface/helpers for example?

[saikishor]

Here, I would rather use the logic to support boolean interfaces too based on the get_data_type method

[YaraShahin]

I added bool support with the get_data_type method as @saikishor recommended.

I’ve kept safe_double_to_bool for now because it's still necessary to handle NaN cases and the conversion logic for existing double-based interfaces. Regarding moving it to controller_interface/helpers: I agree it could be a useful utility for other broadcasters. I’m happy to move it there (or to a common header) if you think it's generic enough for the wider framework.

[christophfroehlich]

@saikishor where would this fit best?

[saikishor]

Overall looking pretty good. Some nitpicks

[saikishor]

let's place then under the namesapce interfaces or eStop_Interfaces or emergency_stop_interfaces and remove the interfaces prefixes in the naming

[YaraShahin]

I have moved the three E-Stop types under a nested eStop_interfaces namespace (e.g., eStop_interfaces.manual, eStop_interfaces.remote, etc.) and removed the repetitive prefixes.

I’ve kept fieldViolation_interfaces at the top level because it is logically distinct from the Emergency Stop handling in the VDA5050 specification. What do you think?

[saikishor]

Nice. Thanks for the change. Regarding your comment, does it make sense like interfaces.fieldViolation and then interfaces.eStop.* ?

What do you think?. Just throwing an idea.

[saikishor]

Nice. Thanks for the change. Regarding your comment, does it make sense like interfaces.fieldViolation and then interfaces.eStop.* ?

What do you think?. Just throwing an idea.

[YaraShahin]

Personally, I'm not a big fan of deep nesting because it makes the C++ access verbose, but I agree that grouping them under a unified interfaces namespace looks much cleaner in the YAML. I've implemented it as interfaces.field_violation and interfaces.e_stop.*. Thanks for the suggestion!

[saikishor]

Here, I would rather use the logic to support boolean interfaces too based on the get_data_type method

[saikishor]

It would be nice to also support boolean interfaces here based on the type you get from get_data_type

[YaraShahin]

Done

[YaraShahin]

CI fails because of the API breaking changes of the realtime_publisher.

I updated the APIs for realtime_publisher and LoanedStateInterface. I ran the tests locally on jazzy and rolling.

I have a general question, shouldn't we use data_type bool for state_interfaces here? Or at least support both?

Yes, thanks @christophfroehlich for the suggestion. I added bool support with the get_data_type method as @saikishor recommended and added a testcases for the new bool interfaces.

[saikishor]

Thank you @YaraShahin . I'll take a look.

[christophfroehlich]

Thanks for the updates. Some comments in the code, and please consider failing tests, like that from clang

  /home/runner/work/ros2_controllers/ros2_controllers/.work/target_ws/src/ros2_controllers/vda5050_safety_state_broadcaster/src/vda5050_safety_state_broadcaster.cpp:211:27: error: implicit conversion changes signedness: 'int' to 'size_type' (aka 'unsigned long') [-Werror,-Wsign-conversion]
    211 |         state_interfaces_[itf_idx].get_name().c_str());
        |         ~~~~~~~~~~~~~~~~~ ^~~~~~~

[christophfroehlich]

nitpick, but we typically mark member variables as such

Suggested change

	control_msgs::msg::VDA5050SafetyState safety_state_msg;
	control_msgs::msg::VDA5050SafetyState safety_state_msg_;

[YaraShahin]

Thank you. I did the change in the latest commit along with the necessary corresponding changes in cpp.

[christophfroehlich]

@saikishor where would this fit best?

[codecov]

Codecov Report

❌ Patch coverage is 90.69767% with 20 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.88%. Comparing base (c703235) to head (6847ecc).

Files with missing lines	Patch %	Lines
...oadcaster/src/vda5050_safety_state_broadcaster.cpp	78.04%	14 Missing and 4 partials ⚠️
...ter/test/test_vda5050_safety_state_broadcaster.hpp	95.65%	0 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1958      +/-   ##
==========================================
+ Coverage   84.79%   84.88%   +0.08%     
==========================================
  Files         151      156       +5     
  Lines       14607    14822     +215     
  Branches     1266     1285      +19     
==========================================
+ Hits        12386    12581     +195     
- Misses       1763     1777      +14     
- Partials      458      464       +6     

Flag	Coverage Δ
unittests	84.88% <90.69%> (+0.08%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...e_broadcaster/vda5050_safety_state_broadcaster.hpp	100.00% <100.00%> (ø)
...est/test_load_vda5050_safety_state_broadcaster.cpp	100.00% <100.00%> (ø)
...ter/test/test_vda5050_safety_state_broadcaster.cpp	100.00% <100.00%> (ø)
...ter/test/test_vda5050_safety_state_broadcaster.hpp	95.65% <95.65%> (ø)
...oadcaster/src/vda5050_safety_state_broadcaster.cpp	78.04% <78.04%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.