Project 6: The “Dead Man’s Switch” (Lifecycle Nodes)

A managed camera node with a supervisor that transitions it between states based on health checks.

Quick Reference

Attribute                          Value
Difficulty                         Level 3: Advanced
Time Estimate                      2-3 weeks
Main Programming Language          C++
Alternative Programming Languages  Python
Coolness Level                     Level 4: Hardcore Tech Flex
Business Potential                 4. The Open Core Infrastructure
Prerequisites                      ROS 2 lifecycle basics, C++, state machines
Key Topics                         Lifecycle States, Transition Callbacks, Liveliness & Health Checks

1. Learning Objectives

By completing this project, you will:

  1. Explain how Lifecycle States affect ROS 2 behavior in this project.
  2. Implement the core pipeline for Project 6 and validate it with a deterministic demo.
  3. Measure and document performance or correctness under at least one stress condition.
  4. Produce artifacts (configs, logs, scripts) that make the system reproducible.

2. All Theory Needed (Per-Concept Breakdown)

Lifecycle States

Fundamentals

Lifecycle States is the managed node state machine that gates ROS 2 node activity for safety. In ROS 2, this concept defines how nodes coordinate, exchange data, and enforce guarantees. At a minimum you should be able to name the primary entities involved, identify where configuration lives, and explain how unconfigured and inactive influence behavior. When you debug a system, you will almost always inspect active or finalized first because those details surface mismatches early. The practical goal is to build a mental map that connects the API knobs you change to the wire-level or runtime effects you observe. If you can explain this concept without naming a single ROS 2 command, you know it as a systems principle rather than a tooling trick, which is exactly what you need for production robotics.

Deep Dive into the concept

A deeper look at Lifecycle States starts by tracing data from the API surface to the middleware. Every time you configure unconfigured or inactive, ROS 2 expresses that intent in the rmw layer, which then maps the intent into DDS-RTPS structures. The mapping is not always one-to-one: a single policy or field can affect multiple runtime behaviors, including buffering, matching, and timing. This is why a simple change in active can cause a subscriber to stop receiving data, or why two vendors can discover each other but never exchange payloads. The useful diagnostic strategy is to observe the graph (who matched), then the transport (what packets appear), and finally the runtime state (queues, deadlines, timers).

Failure modes cluster around mismatched assumptions. If finalized is configured incorrectly, you may see data on one machine but not another, or discover that messages arrive but are rejected silently. If transition is too restrictive, you will observe a graph that looks healthy but never transitions into active data flow. In embedded settings, this can appear as missed deadlines or watchdog resets rather than explicit errors. A robust design therefore includes explicit validation: log the effective policy, emit version identifiers, and test a known-good baseline before you change parameters. This project forces that discipline because you will create repeatable experiments and capture deterministic outputs, so you can explain not only what happened but why it happened.

How this fits into the project

This concept directly shapes how you implement and validate Project 6. You will configure it, observe it, and stress it under controlled conditions.

Definitions & key terms

  • unconfigured: the primary state a managed node starts in; no resources have been allocated and nothing is published.
  • inactive: configured (resources allocated) but not running; lifecycle publishers exist but do not deliver data.
  • active: the only primary state in which the node does its real work and its lifecycle publishers deliver data.
  • finalized: the terminal state reached through shutdown; the only way out is destroying the node.
  • transition: a request (configure, activate, deactivate, cleanup, shutdown) that moves the node between primary states, running the matching callback on the way.

Mental model diagram (ASCII)

[User Code] -> [Lifecycle States] -> [rmw/DDS] -> [Wire/Runtime Effects]
       |             |               |                 |
   Config/API     Policies        Entities         Observability

How it works (step-by-step, with invariants and failure modes)

  1. A node configures the concept through API calls or config files.
  2. The rmw layer translates the settings into DDS/RTPS fields (unconfigured, inactive).
  3. Peers evaluate compatibility, matching, or timing using active and finalized.
  4. The runtime queues or state machines enforce the policy and emit data.
  5. Observability tools (logs, CLI, packet capture) confirm transition behavior.

Minimal concrete example

ros2 lifecycle set /node configure

Common misconceptions

  • Assuming defaults are identical across vendors.
  • Believing that discovery implies data flow without validating compatibility.

Check-your-understanding questions

  1. Explain how Lifecycle States changes runtime behavior in ROS 2.
  2. Predict what happens if unconfigured conflicts with inactive.
  3. Why might two nodes discover each other but still exchange no data?

Check-your-understanding answers

  1. It alters matching, buffering, or timing constraints expressed via DDS/RTPS.
  2. The endpoints fail to match or drop messages due to incompatible policy/encoding.
  3. QoS or policy mismatch prevents writer-reader matching or delivery.

Real-world applications

  • autonomy safety
  • startup/shutdown sequencing

Where you’ll apply it

  • You will apply it in Section 5.4 (Concepts You Must Understand First), Section 5.10 (Implementation Phases), and Section 6.2 (Critical Test Cases).
  • Also used in: P07-the-path-follower-actions-vs-services.md and other projects in this series.

References

  • ROS 2 lifecycle node docs
  • Safety-critical ROS patterns

Key insights

  • Lifecycle States is the lever that connects configuration to observable system behavior.

Summary

This concept is the bridge between theory and runtime evidence. Mastery means you can predict outcomes, not just observe them.

Homework/Exercises to practice the concept

  1. Capture or log a minimal trace where this concept is visible.
  2. Change one policy/setting and predict the system impact before running it.
  3. Explain the failure mode you expect if the configuration is wrong.

Solutions to the homework/exercises

  1. The trace should show the concept-specific fields or events you expect.
  2. Your prediction should name which endpoints match and how latency/loss changes.
  3. A wrong configuration should lead to mismatch, dropped data, or timeouts.

Transition Callbacks

Fundamentals

Transition Callbacks are the hooks that run during lifecycle transitions and let you allocate resources safely. In ROS 2, this concept defines how nodes coordinate, exchange data, and enforce guarantees. At a minimum you should be able to name the primary entities involved, identify where configuration lives, and explain how on_configure and on_activate influence behavior. When you debug a system, you will almost always inspect on_deactivate or on_cleanup first because those details surface mismatches early. The practical goal is to build a mental map that connects the API knobs you change to the wire-level or runtime effects you observe. If you can explain this concept without naming a single ROS 2 command, you know it as a systems principle rather than a tooling trick, which is exactly what you need for production robotics.

Deep Dive into the concept

A deeper look at Transition Callbacks starts by tracing data from the API surface to the middleware. Every time you configure on_configure or on_activate, ROS 2 expresses that intent in the rmw layer, which then maps the intent into DDS-RTPS structures. The mapping is not always one-to-one: a single policy or field can affect multiple runtime behaviors, including buffering, matching, and timing. This is why a simple change in on_deactivate can cause a subscriber to stop receiving data, or why two vendors can discover each other but never exchange payloads. The useful diagnostic strategy is to observe the graph (who matched), then the transport (what packets appear), and finally the runtime state (queues, deadlines, timers).

Failure modes cluster around mismatched assumptions. If on_cleanup is configured incorrectly, you may see data on one machine but not another, or discover that messages arrive but are rejected silently. If on_shutdown is too restrictive, you will observe a graph that looks healthy but never transitions into active data flow. In embedded settings, this can appear as missed deadlines or watchdog resets rather than explicit errors. A robust design therefore includes explicit validation: log the effective policy, emit version identifiers, and test a known-good baseline before you change parameters. This project forces that discipline because you will create repeatable experiments and capture deterministic outputs, so you can explain not only what happened but why it happened.

How this fits into the project

This concept directly shapes how you implement and validate Project 6. You will configure it, observe it, and stress it under controlled conditions.

Definitions & key terms

  • on_configure: runs during unconfigured -> inactive; allocate resources here (open the camera, create publishers, read parameters).
  • on_activate: runs during inactive -> active; enable publishers and timers so data starts flowing.
  • on_deactivate: runs during active -> inactive; stop timers and disable publishers without freeing resources.
  • on_cleanup: runs during inactive -> unconfigured; release what on_configure allocated.
  • on_shutdown: runs on the way to finalized from any primary state; the last chance to release resources and log.

Mental model diagram (ASCII)

[User Code] -> [Transition Callbacks] -> [rmw/DDS] -> [Wire/Runtime Effects]
       |             |               |                 |
   Config/API     Policies        Entities         Observability

How it works (step-by-step, with invariants and failure modes)

  1. A node configures the concept through API calls or config files.
  2. The rmw layer translates the settings into DDS/RTPS fields (on_configure, on_activate).
  3. Peers evaluate compatibility, matching, or timing using on_deactivate and on_cleanup.
  4. The runtime queues or state machines enforce the policy and emit data.
  5. Observability tools (logs, CLI, packet capture) confirm on_shutdown behavior.

Minimal concrete example

rclcpp_lifecycle::node_interfaces::LifecycleNodeInterface::CallbackReturn
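As an added example covering both the Lifecycle States rules above and the transition callbacks here (my code, not the project's and not rclcpp_lifecycle's own): a dependency-free C++17 model of the managed-node state machine. It keeps the legal (state, transition) table separate from the on_* hooks, so an illegal request such as the failure demo's activate-from-UNCONFIGURED, or the same transition called twice, is rejected before any callback runs, and it shows how each CallbackReturn value decides the next primary state. The Callbacks struct, the Outcome struct, and the rule for handling FAILURE are assumptions and are labelled as such in the comments.

```cpp
#include <functional>
#include <iostream>
#include <map>
#include <string>
#include <utility>

// Primary states of a ROS 2 managed node (names as the lifecycle CLI prints them).
enum class State { UNCONFIGURED, INACTIVE, ACTIVE, FINALIZED };
// Transitions a supervisor can request, e.g. `ros2 lifecycle set /deadman activate`.
enum class Transition { configure, cleanup, activate, deactivate, shutdown };
// What a transition callback may return; mirrors rclcpp_lifecycle's CallbackReturn.
enum class CallbackReturn { SUCCESS, FAILURE, ERROR };

const char* name(State s) {
  static const char* k[] = {"UNCONFIGURED", "INACTIVE", "ACTIVE", "FINALIZED"};
  return k[static_cast<int>(s)];
}
const char* name(Transition t) {
  static const char* k[] = {"configure", "cleanup", "activate", "deactivate", "shutdown"};
  return k[static_cast<int>(t)];
}

// Hypothetical hook bundle standing in for the on_* virtuals of LifecycleNode.
// Defaults succeed, so a bare Callbacks{} behaves like an empty node.
struct Callbacks {
  using Hook = std::function<CallbackReturn()>;
  Hook on_configure  = [] { return CallbackReturn::SUCCESS; };
  Hook on_activate   = [] { return CallbackReturn::SUCCESS; };
  Hook on_deactivate = [] { return CallbackReturn::SUCCESS; };
  Hook on_cleanup    = [] { return CallbackReturn::SUCCESS; };
  Hook on_shutdown   = [] { return CallbackReturn::SUCCESS; };
  Hook on_error      = [] { return CallbackReturn::SUCCESS; };
};

struct Outcome {             // hypothetical result type for this model
  bool accepted;             // false: illegal from the current state, no callback ran
  State state;               // primary state after the request was processed
  std::string message;       // the line the node would log
};

class LifecycleMachine {
 public:
  explicit LifecycleMachine(Callbacks cb = {}) : cb_(std::move(cb)) {}
  State state() const { return state_; }

  Outcome request(Transition t) {
    // Legal (state, transition) -> target pairs. Anything else is rejected before
    // any callback runs, which is what makes "transition called twice" harmless.
    static const std::map<std::pair<State, Transition>, State> kLegal = {
        {{State::UNCONFIGURED, Transition::configure}, State::INACTIVE},
        {{State::INACTIVE, Transition::cleanup}, State::UNCONFIGURED},
        {{State::INACTIVE, Transition::activate}, State::ACTIVE},
        {{State::ACTIVE, Transition::deactivate}, State::INACTIVE},
        {{State::UNCONFIGURED, Transition::shutdown}, State::FINALIZED},
        {{State::INACTIVE, Transition::shutdown}, State::FINALIZED},
        {{State::ACTIVE, Transition::shutdown}, State::FINALIZED},
    };
    const auto it = kLegal.find({state_, t});
    if (it == kLegal.end()) {
      return {false, state_, std::string("cannot ") + name(t) + " from " + name(state_)};
    }
    const State before = state_;
    switch (run(t)) {
      case CallbackReturn::SUCCESS:
        state_ = it->second;
        break;
      case CallbackReturn::FAILURE:
        // Assumed to follow rcl_lifecycle's default machine: a failed shutdown still
        // finalizes; any other failed transition returns to the state it started from.
        state_ = (t == Transition::shutdown) ? State::FINALIZED : before;
        break;
      case CallbackReturn::ERROR:
        // Error processing: on_error decides between a clean reset and finalization.
        state_ = (cb_.on_error() == CallbackReturn::SUCCESS) ? State::UNCONFIGURED
                                                              : State::FINALIZED;
        break;
    }
    return {true, state_, std::string(name(t)) + " -> " + name(state_)};
  }

 private:
  CallbackReturn run(Transition t) const {
    switch (t) {
      case Transition::configure:  return cb_.on_configure();
      case Transition::cleanup:    return cb_.on_cleanup();
      case Transition::activate:   return cb_.on_activate();
      case Transition::deactivate: return cb_.on_deactivate();
      case Transition::shutdown:   return cb_.on_shutdown();
    }
    return CallbackReturn::ERROR;
  }
  Callbacks cb_;
  State state_ = State::UNCONFIGURED;
};

// Golden path from Section 3.7.2: configure, then activate.
Outcome golden_path(LifecycleMachine& m) {
  m.request(Transition::configure);
  return m.request(Transition::activate);
}

int main() {
  LifecycleMachine ok;
  std::cout << "[INFO] " << golden_path(ok).message << '\n';   // activate -> ACTIVE
  LifecycleMachine fresh;                                        // failure demo, Section 3.7.3
  std::cout << "[ERROR] " << fresh.request(Transition::activate).message << '\n';
  Callbacks cb;                                                  // camera device missing:
  cb.on_configure = [] { return CallbackReturn::FAILURE; };      // stays UNCONFIGURED
  LifecycleMachine broken(cb);
  std::cout << "[WARN] " << broken.request(Transition::configure).message << '\n';
  return 0;
}
```

The point to notice is the order of checks: legality of the transition is decided from the table before any user hook executes, so a misbehaving supervisor that repeats a request cannot make on_configure allocate the camera twice, and the error path never leaves the node in an undefined state, only in UNCONFIGURED or FINALIZED.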

Common misconceptions

  • Assuming defaults are identical across vendors.
  • Believing that discovery implies data flow without validating compatibility.

Check-your-understanding questions

  1. Explain how Transition Callbacks changes runtime behavior in ROS 2.
  2. Predict what happens if on_configure conflicts with on_activate.
  3. Why might two nodes discover each other but still exchange no data?

Check-your-understanding answers

  1. It alters matching, buffering, or timing constraints expressed via DDS/RTPS.
  2. The endpoints fail to match or drop messages due to incompatible policy/encoding.
  3. QoS or policy mismatch prevents writer-reader matching or delivery.

Real-world applications

  • safe sensor startup
  • recovery on failure

Where you’ll apply it

  • You will apply it in Section 5.4 (Concepts You Must Understand First), Section 5.10 (Implementation Phases), and Section 6.2 (Critical Test Cases).
  • Also used in: P07-the-path-follower-actions-vs-services.md and other projects in this series.

References

  • rclcpp_lifecycle docs
  • ROS 2 design: lifecycle

Key insights

  • Transition Callbacks is the lever that connects configuration to observable system behavior.

Summary

This concept is the bridge between theory and runtime evidence. Mastery means you can predict outcomes, not just observe them.

Homework/Exercises to practice the concept

  1. Capture or log a minimal trace where this concept is visible.
  2. Change one policy/setting and predict the system impact before running it.
  3. Explain the failure mode you expect if the configuration is wrong.

Solutions to the homework/exercises

  1. The trace should show the concept-specific fields or events you expect.
  2. Your prediction should name which endpoints match and how latency/loss changes.
  3. A wrong configuration should lead to mismatch, dropped data, or timeouts.

Liveliness & Health Checks

Fundamentals

Liveliness & Health Checks are mechanisms for detecting node failure and triggering safe state transitions. In ROS 2, this concept defines how nodes coordinate, exchange data, and enforce guarantees. At a minimum you should be able to name the primary entities involved, identify where configuration lives, and explain how liveliness QoS and heartbeat influence behavior. When you debug a system, you will almost always inspect timeout or watchdog first because those details surface mismatches early. The practical goal is to build a mental map that connects the API knobs you change to the wire-level or runtime effects you observe. If you can explain this concept without naming a single ROS 2 command, you know it as a systems principle rather than a tooling trick, which is exactly what you need for production robotics.

Deep Dive into the concept

A deeper look at Liveliness & Health Checks starts by tracing data from the API surface to the middleware. Every time you configure liveliness QoS or heartbeat, ROS 2 expresses that intent in the rmw layer, which then maps the intent into DDS-RTPS structures. The mapping is not always one-to-one: a single policy or field can affect multiple runtime behaviors, including buffering, matching, and timing. This is why a simple change in timeout can cause a subscriber to stop receiving data, or why two vendors can discover each other but never exchange payloads. The useful diagnostic strategy is to observe the graph (who matched), then the transport (what packets appear), and finally the runtime state (queues, deadlines, timers).

Failure modes cluster around mismatched assumptions. If watchdog is configured incorrectly, you may see data on one machine but not another, or discover that messages arrive but are rejected silently. If deadman is too restrictive, you will observe a graph that looks healthy but never transitions into active data flow. In embedded settings, this can appear as missed deadlines or watchdog resets rather than explicit errors. A robust design therefore includes explicit validation: log the effective policy, emit version identifiers, and test a known-good baseline before you change parameters. This project forces that discipline because you will create repeatable experiments and capture deterministic outputs, so you can explain not only what happened but why it happened.

How this fits into the project

This concept directly shapes how you implement and validate Project 6. You will configure it, observe it, and stress it under controlled conditions.

Definitions & key terms

  • liveliness QoS: the DDS policy (AUTOMATIC, MANUAL_BY_TOPIC, ...) under which a writer must assert it is alive within lease_duration or be reported as not alive to matched readers.
  • heartbeat: a periodic message the managed node publishes while active so a supervisor can tell "alive" from "silent".
  • timeout: the longest gap between heartbeats the supervisor tolerates before it declares the node unhealthy.
  • watchdog: the supervisor-side timer that checks the heartbeat age and triggers a transition when the timeout is exceeded.
  • deadman: the pattern in which losing the heartbeat automatically forces the node into a safe state (here, Inactive) instead of leaving it running.

Mental model diagram (ASCII)

[User Code] -> [Liveliness & Health Checks] -> [rmw/DDS] -> [Wire/Runtime Effects]
       |             |               |                 |
   Config/API     Policies        Entities         Observability

How it works (step-by-step, with invariants and failure modes)

  1. A node configures the concept through API calls or config files.
  2. The rmw layer translates the settings into DDS/RTPS fields (liveliness QoS, heartbeat).
  3. Peers evaluate compatibility, matching, or timing using timeout and watchdog.
  4. The runtime queues or state machines enforce the policy and emit data.
  5. Observability tools (logs, CLI, packet capture) confirm deadman behavior.

Minimal concrete example

liveliness=MANUAL_BY_TOPIC, lease_duration=1s
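As an added example (my code, not the project's): a user-space dead man's switch in C++17 that applies the lease idea behind liveliness=MANUAL_BY_TOPIC, lease_duration=1s to a heartbeat topic. It tracks the newest heartbeat, ignores stale or replayed beats, grades silence as OK/WARN/ERROR against a heartbeat period and a lease, asks for deactivate when the lease expires (the "resetting to Inactive on failure" requirement), and emits the /diagnostics layout from Section 3.5. The period and lease values are constructed, and the supervisor does not use DDS liveliness itself; it reproduces the lease semantics in plain code so the decision logic can be tested offline.

```cpp
#include <cstdint>
#include <initializer_list>
#include <iostream>
#include <string>

// Health levels from the /diagnostics schema (Section 3.5).
enum class Health { OK, WARN, ERROR };
// What the supervisor asks the managed node to do after an evaluation.
enum class Action { none, deactivate };

struct Verdict {              // hypothetical result type for this model
  Health status;
  int64_t last_heartbeat_ms;  // -1 until the first heartbeat arrives
  int missed_intervals;       // whole heartbeat periods elapsed since the last beat
  Action action;
};

class DeadmanSupervisor {
 public:
  // period_ms: expected heartbeat spacing. lease_ms: silence tolerated before the
  // node is declared dead, the user-space twin of a liveliness lease_duration.
  // Both are constructed values for this example; tune them per robot.
  DeadmanSupervisor(int64_t period_ms, int64_t lease_ms)
      : period_ms_(period_ms), lease_ms_(lease_ms) {}

  // Subscription callback. Returns false for a beat no newer than the newest seen,
  // so a stale message replayed from a queue cannot revive a node that went silent.
  bool on_heartbeat(int64_t stamp_ms) {
    if (stamp_ms <= last_ms_) return false;
    last_ms_ = stamp_ms;
    return true;
  }

  // Watchdog timer callback. A pure function of (now, last beat), so it is testable.
  Verdict evaluate(int64_t now_ms) const {
    // No beat yet: the node may still be configuring, so warn rather than kill.
    if (last_ms_ < 0) return {Health::WARN, -1, 0, Action::none};
    const int64_t gap = now_ms - last_ms_;
    // A stamp from the future means clock skew between publisher and supervisor;
    // flag it, but do not treat it as proof of life or of death.
    if (gap < 0) return {Health::WARN, last_ms_, 0, Action::none};
    const int missed = static_cast<int>(gap / period_ms_);
    if (gap >= lease_ms_) return {Health::ERROR, last_ms_, missed, Action::deactivate};
    if (missed >= 1) return {Health::WARN, last_ms_, missed, Action::none};
    return {Health::OK, last_ms_, 0, Action::none};
  }

 private:
  int64_t period_ms_;
  int64_t lease_ms_;
  int64_t last_ms_ = -1;
};

// Serialize a verdict in the /diagnostics layout from Section 3.5.
std::string render(const Verdict& v) {
  static const char* k[] = {"OK", "WARN", "ERROR"};
  return std::string("status: ") + k[static_cast<int>(v.status)] +
         "\nlast_heartbeat: " + std::to_string(v.last_heartbeat_ms);
}

int main() {
  DeadmanSupervisor sup(200, 1000);   // constructed: 200 ms period, 1 s lease
  sup.on_heartbeat(1000);             // last beat before the camera stalls
  for (int64_t now : {1100, 1500, 2000}) {
    const Verdict v = sup.evaluate(now);
    std::cout << "t=" << now << "ms missed=" << v.missed_intervals << '\n' << render(v)
              << (v.action == Action::deactivate ? "\n-> request deactivate" : "")
              << "\n\n";
  }
  sup.on_heartbeat(900);              // replayed stale beat: ignored, ERROR stands
  std::cout << render(sup.evaluate(2000)) << '\n';
  return 0;
}
```

The WARN band between one missed period and the lease is what lets you distinguish a dropped frame (log it, keep running) from a dead producer (deactivate). Keeping evaluate() free of side effects means the same function can be driven by a real timer in the node and by a fixed timeline in a test, which is how the deterministic failure demo stays reproducible.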

Common misconceptions

  • Assuming defaults are identical across vendors.
  • Believing that discovery implies data flow without validating compatibility.

Check-your-understanding questions

  1. Explain how Liveliness & Health Checks changes runtime behavior in ROS 2.
  2. Predict what happens if liveliness QoS conflicts with heartbeat.
  3. Why might two nodes discover each other but still exchange no data?

Check-your-understanding answers

  1. It alters matching, buffering, or timing constraints expressed via DDS/RTPS.
  2. The endpoints fail to match or drop messages due to incompatible policy/encoding.
  3. QoS or policy mismatch prevents writer-reader matching or delivery.

Real-world applications

  • robot safety interlocks
  • fleet monitoring

Where you’ll apply it

  • You will apply it in Section 5.4 (Concepts You Must Understand First), Section 5.10 (Implementation Phases), and Section 6.2 (Critical Test Cases).
  • Also used in: P07-the-path-follower-actions-vs-services.md and other projects in this series.

References

  • DDS QoS liveliness policy
  • ROS 2 health monitoring patterns

Key insights

  • Liveliness & Health Checks is the lever that connects configuration to observable system behavior.

Summary

This concept is the bridge between theory and runtime evidence. Mastery means you can predict outcomes, not just observe them.

Homework/Exercises to practice the concept

  1. Capture or log a minimal trace where this concept is visible.
  2. Change one policy/setting and predict the system impact before running it.
  3. Explain the failure mode you expect if the configuration is wrong.

Solutions to the homework/exercises

  1. The trace should show the concept-specific fields or events you expect.
  2. Your prediction should name which endpoints match and how latency/loss changes.
  3. A wrong configuration should lead to mismatch, dropped data, or timeouts.

3. Project Specification

3.1 What You Will Build

A managed camera node with a supervisor that transitions it between states based on health checks.

Included features:

  • Deterministic startup with explicit configuration.
  • Observability (logs/CLI output) that exposes discovery/data flow.
  • A reproducible demo and a failure case.

Excluded on purpose:

  • Full robot control stacks or SLAM pipelines.
  • Custom GUIs beyond CLI output.

3.2 Functional Requirements

  1. State machine correctness: handling transitions safely.
  2. Health monitoring: detecting dropped frames.
  3. Error handling: resetting to Inactive on failure.
  4. Deterministic startup: The project must start with a reproducible, logged configuration.
  5. Observability: Provide CLI or log output that confirms each major component is working.

3.3 Non-Functional Requirements

  • Performance: Must meet the throughput/latency targets documented in the benchmark.
  • Reliability: Must handle common network or runtime failures gracefully.
  • Usability: CLI flags and logs must make configuration and diagnosis obvious.

3.4 Example Usage / Output

$ ros2 lifecycle set /deadman configure
$ ros2 lifecycle set /deadman activate
[INFO] node active, heartbeat published

3.5 Data Formats / Schemas / Protocols

/diagnostics message
status: OK|WARN|ERROR
last_heartbeat: timestamp

3.6 Edge Cases

  • Transition called twice
  • Activation while resources unavailable
  • Heartbeat timeout

3.7 Real World Outcome

By the end of this project you will have a reproducible system that produces the same observable signals every time you run it. You will be able to point to console output, captured packets, or bag files and explain exactly why the result is correct. You will also be able to force a failure and demonstrate a clean error path.

3.7.1 How to Run (Copy/Paste)

# Build
colcon build --packages-select project_6
# Source the workspace overlay so the built package is on the path
source install/setup.bash
# Start the main node/tool
./run_project_6.sh

3.7.2 Golden Path Demo (Deterministic)

$ ros2 lifecycle set /deadman configure
$ ros2 lifecycle set /deadman activate
[INFO] node active, heartbeat published

3.7.3 Failure Demo (Deterministic)

$ ros2 lifecycle set /deadman activate
[ERROR] cannot activate from UNCONFIGURED

4. Solution Architecture

4.1 High-Level Design

[Input/Config] -> [Core Engine] -> [ROS 2/DDS] -> [Observability Output]

4.2 Key Components

Component        | Responsibility                      | Key Decisions
Lifecycle Node   | Implements states and transitions   | Resource allocation on configure
Supervisor       | Monitors liveliness and transitions | Safe shutdown behavior
Health Publisher | Emits heartbeat/diagnostics         | Deterministic timing

4.3 Data Structures (No Full Code)

enum class LCState { UNCONFIGURED, INACTIVE, ACTIVE, FINALIZED };

4.4 Algorithm Overview

Key Algorithm: Core Pipeline

  1. Start unconfigured
  2. Configure resources
  3. Activate
  4. Monitor liveliness

Complexity Analysis:

  • Time: O(n) over messages/events processed
  • Space: O(1) to O(n) depending on buffering

5. Implementation Guide

5.1 Development Environment Setup

# Install ROS 2 and dependencies
sudo apt-get update
sudo apt-get install -y ros-$ROS_DISTRO-ros-base python3-colcon-common-extensions

5.2 Project Structure

project-root/
|-- src/
|   |-- main.cpp
|   |-- config.yaml
|   `-- utils.cpp
|-- scripts/
|   `-- run_project.sh
|-- tests/
|   `-- test_core.py
`-- README.md

5.3 The Core Question You’re Answering

“How do I build nodes that are safe to start, stop, and recover in production?”

5.4 Concepts You Must Understand First

Stop and research these before coding:

  1. Lifecycle States
    • What breaks if this is misconfigured?
    • How will you observe it?
  2. Transition Callbacks
    • What breaks if this is misconfigured?
    • How will you observe it?
  3. Liveliness & Health Checks
    • What breaks if this is misconfigured?
    • How will you observe it?

5.5 Questions to Guide Your Design

  1. What health metric triggers deactivation?
  2. How will you signal errors to the supervisor?

5.6 Thinking Exercise

Design a minimal lifecycle supervisor state diagram.

5.7 The Interview Questions They’ll Ask

  1. “What is the difference between Active and Inactive?”
  2. “Why use lifecycle nodes in robotics?”

5.8 Hints in Layers

Hint 1: Use rclcpp_lifecycle::LifecycleNode.
Hint 2: Implement on_activate and on_deactivate.
Hint 3: Use lifecycle services. Call ros2 lifecycle set /node activate to test transitions.
Hint 4: Add explicit health metrics. Publish a heartbeat topic and monitor for missed intervals.

5.9 Books That Will Help

Topic          | Book              | Chapter
State Machines | “Design Patterns” | State pattern

5.10 Implementation Phases

Phase 1: Foundation (2-3 days)

Goals:

  • Reproduce the baseline example from the original project outline.
  • Validate toolchain, dependencies, and environment variables.

Tasks:

  1. Create the repository and baseline project structure.
  2. Run a minimal example to confirm discovery/data flow.

Checkpoint: You can reproduce the minimal example and collect logs.

Phase 2: Core Functionality (2-3 weeks)

Goals:

  • Implement the full feature set from the requirements.
  • Instrument key metrics and logs.

Tasks:

  1. Implement each component and integrate them.
  2. Add CLI/config flags for core parameters.

Checkpoint: Golden path demo succeeds with deterministic output.

Phase 3: Polish & Edge Cases (3-5 days)

Goals:

  • Handle failure scenarios and document them.
  • Create a short report/README describing results.

Tasks:

  1. Add error handling, timeouts, and validation.
  2. Capture failure demo output and metrics.

Checkpoint: Failure demo yields the expected errors and exit codes.

5.11 Key Implementation Decisions

Decision  | Options                    | Recommendation    | Rationale
Transport | UDP, shared memory, serial | UDP for baseline  | Simplest to observe and debug
QoS       | Default, tuned             | Default then tune | Establish baseline before optimization

6. Testing Strategy

6.1 Test Categories

Category          | Purpose                      | Examples
Unit Tests        | Validate parsers and helpers | Packet decoder, config parser
Integration Tests | End-to-end ROS 2 flow        | Publisher -> Subscriber -> Metrics
Edge Case Tests   | Failures & mismatches        | Wrong domain ID, missing config

6.2 Critical Test Cases

  1. Test 1: Baseline message flow works end-to-end.
  2. Test 2: Configuration mismatch produces a clear, actionable error.
  3. Test 3: Performance/latency stays within documented bounds.

6.3 Test Data

Use a fixed dataset or fixed random seed to make metrics reproducible.

7. Common Pitfalls & Debugging

7.1 Frequent Mistakes

Pitfall                | Symptom                     | Solution
QoS mismatch           | Discovery works but no data | Align policies explicitly
Misconfigured env vars | No nodes discovered         | Print and validate env on startup
Network filtering      | Intermittent data           | Check firewall and multicast settings

7.2 Debugging Strategies

  • Start from the graph: confirm discovery before tuning QoS.
  • Capture packets: validate that RTPS traffic appears on expected ports.

7.3 Performance Traps

If throughput is low, check for unnecessary serialization, small history depth, or lack of shared memory.


8. Extensions & Challenges

8.1 Beginner Extensions

  • Add verbose logging and a dry-run mode.
  • Add a simple configuration file parser.

8.2 Intermediate Extensions

  • Add metrics export to CSV or JSON.
  • Add automated regression tests.

8.3 Advanced Extensions

  • Implement cross-vendor compatibility validation.
  • Add chaos testing with randomized loss/latency patterns.

9. Real-World Connections

9.1 Industry Applications

  • Fleet robotics where reliability must be guaranteed under lossy Wi-Fi.
  • Industrial systems that require deterministic startup and clear failure modes.
  • ROS 2 core repositories (rcl, rmw, rosidl)
  • DDS vendors: Fast DDS, Cyclone DDS

9.3 Interview Relevance

  • Explain QoS compatibility and discovery failures.
  • Describe how to debug why nodes discover but do not communicate.

10. Resources

10.1 Essential Reading

  • “Mastering ROS 2 for Robotics Programming” (focus on the sections related to Lifecycle States)
  • ROS 2 official docs for the specific APIs used in this project

10.2 Video Resources

  • ROS 2 community talks on middleware and DDS
  • Vendor tutorials on discovery and QoS

10.3 Tools & Documentation

  • ROS 2 CLI and rclcpp/rclpy docs
  • Wireshark or tcpdump for network visibility
  • Project 5: Builds prerequisite concepts
  • Project 7: Extends the middleware layer

11. Self-Assessment Checklist

11.1 Understanding

  • I can explain Lifecycle States without notes
  • I can explain how QoS and discovery interact
  • I understand why the system fails when policies mismatch

11.2 Implementation

  • All functional requirements are met
  • Golden path demo succeeds
  • Failure demo produces expected errors

11.3 Growth

  • I can explain this project in a technical interview
  • I documented lessons learned and configs
  • I can reproduce the results on another machine

12. Submission / Completion Criteria

Minimum Viable Completion:

  • Golden path demo output matches documentation
  • At least one failure scenario is documented
  • Metrics or logs demonstrate correct behavior

Full Completion:

  • All minimum criteria plus:
  • Compatibility verified across at least two QoS settings
  • Results written to a short report

Excellence (Going Above & Beyond):

  • Automated regression tests for discovery/QoS behavior
  • Clear compatibility matrix or benchmark chart