¶ Robot Safety and Runaway Prevention
Author(s): Kaden Wince
Last Updated: February 10th, 2026
¶ Introduction
In the extreme environment that is robotic football, mobile robots are expected to move quickly, withstand a huge amount of force from tackles, and respond to commands in real-time during play. However, when something goes wrong (such as communication dropout, a power fault, or a software crash), a robot can become unresponsive and behave unpredictably. These incidents, known as "runaways," pose major safety risks to students, bystanders, equipment, and the playing field. With the sheer speed and weight these robots have now, they can seriously injure people and property, creating legal liabilities and reputation damage to your team.
This document provides a structured approach to preventing runaways and ensuring safe robot operation during both development and live gameplay. It focuses on best practices in system design, software safeguards, hardware protections, and testing procedures, all aimed to make sure that every robot can fail safely. These guidelines are intended to cover most mobile robot configurations seen in the CRFC. Student team members are encouraged to follow these guidelines and implement these safety features on their team's robots.
These guidelines are intended to significantly reduce the risk of runaway behavior in mobile robots by providing teams with well-defined procedures for prevention and response. Teams are responsible for identifying robot-specific failure modes and implementing appropriate design and operational safeguards specific to their robots to mitigate those risks.
¶ Failure Analysis
To ensure the reliability and safety of your robotic systems, it is critical to understand and evaluate potential failure points. A structured method used for this purpose is the Failure Modes and Effects Analysis (FMEA). FMEA is a systematic technique for identifying where and how a system might fail, and assessing the impact of different failures. It helps prioritize potential failure points based on their severity, likelihood, and detectability, so that preventative or mitigating actions can be taken during the design and testing phases.
For a deeper dive into FMEA methodology, refer to this resource.
¶ Possible Failure Modes to Consider
- Motor driver loses communication from MCU: The motors may stop responding or behave unpredictably if control signals are lost.
- MCU loses communication from controller: The robot may stop receiving user inputs, potentially freezing or continuing its last command.
- Loss of communication during movement: The robot may continue moving without supervision, creating a safety hazard or navigation error.
- Microcontroller crashes or locks up during movement: All operations could halt or become stuck mid-action, requiring a manual reset.
- Large impact or collision: Physical shock may disconnect components or damage wiring, leading to sudden failure of key systems.
¶ Designing for Safety: Core Principles
Even the most simple of robots can fail if its core systems aren't built with safety in mind. These system-level design principles provide a foundation for building mobile robots that are robust, predictable, and fail in safe ways when something goes wrong. While every robot is different, each team should aim to incorporate the following practices into their designs:
¶ Fail-Safe First
Concept: This is the most important principle to follow in your design. Your systems should be designed so that, in the event of a failure, the robot automatically enters a safe state. An example of this would be defaulting to disabled motor outputs on system reset, communication loss, or power instability. It's better for the robot to stop than to continue blindly.
Example: Check when the last valid command was received from the controller, and if it's above a certain threshold, disable the motors. This check should precede your main code to ensure it has higher priority. This assumes you are using a constant-update feedback from the controller instead of 'last command holds' behavior to ensure there is no communication loss.
void loop() {
if (timeSinceLastControllerResponse > 500) { // milliseconds
disableMotors();
} else {
// Main Code
}
}
¶ Circuit Isolation
Concept: Use electrical isolation methods to separate critical control signals and safety circuits from high-power or high-noise subsystems (e.g. motor drivers, battery chargers). This helps prevent cascading failures, protects microcontrollers from voltage spikes, and ensures that safety systems can operate independently of faults in the main circuit.
Example: Use optocouplers to pass PWM signals to motor drivers.
¶ Design for Impact & Vibration
Concept: Robot football is a very contact-heavy sport. As such, physical connections and internal components should not come loose or break under impact. Design the robot mechanically and electrically for high-impact collisions.
Suggested Actions:
- Use locking connectors for pin and power connections (XT60s, Molex, JST, etc.)
- Add strain relief to wires (zip ties, cable clips, etc.)
- Secure all internal components with screws or industrial velcro
- Encase PCBs in plastic or use a coating to prevent short circuits
Delivery Robot T-Bones Self-Driving Car [1]
¶ Power System Stability
Concept: Unstable power is one of the most common causes of unpredictable robot behavior. Design your power system with circuit protections and brownout prevention to ensure stability. Your robot should be able to mitigate and/or detect these conditions to avoid unpredictable behavior.
Suggested Actions:
- Use large and small capacitors on power lines to smooth fluctuations and spikes
- Use circuits such as overvoltage, overcurrent, reverse-polarity protections on power and I/O lines
- Implement brownout detection using your microcontroller’s built-in supervisor or an external voltage monitor
- Use undervoltage lockout features on motor drivers to prevent erratic behavior at low battery levels
Typical Transient Response of a Power Supply[2]
¶ Active Safety Enforcement
Concept: Robots should include dedicated hardware that can shut down the system or reset it when a fault occurs, regardless of software state. These safety mechanisms would act as a last line of defense and are often required for safety compliance in real-life systems. A wireless e-stop can also be employed on the bot for the operator to stop the system.
Example: A watchdog IC can be used to reset the system if it stops responding with a "heartbeat". The watchdog can monitor a GPIO line from the main microcontroller and powercycle if it is not acting as expected.
void loop() {
// Normal robot logic...
sendWatchdogPulse(); // toggle a pin every 100ms
}
¶ Hardware-based Safeguards
These protections rely on physical components to ensure safety, prevent faults, and enforce safe system behavior, even when software fails.
- Power Stability ⭐
- This section covers techniques and circuits that prevent brownouts, protect the system, and prevent power-related errors.
- Circuit Isolation
- Learn how to electrically isolate sensitive control signals from noisy or high-power systems.
- Watchdog ICs
- Watchdog ICs act as hardware-level monitors that reset or disable the system if the main controller stops responding.
- Wire Management
- Proper connectors and cable management reduce the risk of loose wires, electrical shorts, or signal loss.
¶ Software-based Safeguards
These protections are implemented in code to detect faults, respond to communication loss, and enforce safe operation in real-time.
- Timeout Logic ⭐
- Ensure your robot halts safely if it stops receiving valid commands, helping prevent runaway behavior caused by lost communication.
- Watchdog Timers
- Software watchdogs monitor for crashes or stuck loops and automatically reset the system.
¶ Testing and Validation
Testing is critical to ensuring safety features work as intended. These practices verify how your robot behaves in failure conditions and confirm that all safeguards are functioning properly.
- Fault Injection Testing
- Simulate real-world failures (like sensor faults, comms loss, or power drops) in a controlled environment to confirm that your robot responds safely and predictably.
- Shakedown Test
- Physically test the complete robot under real-world stress: vibration, impact, cable tension, power cycling, and more. This identifies hardware weaknesses before a match exposes them.
- Safety Drills
- Establish and rehearse emergency procedures for operators and field staff. These drills ensure everyone knows how to respond quickly and safely during a failure or runaway incident.