WP4-07
Run-Time Safety Checker
ID | WP4-07 |
Contributor | ROT |
Levels | Functional |
Require | Set of safety rules based on risk assessment |
Provide | Increasing flight control thus preventing harm to drones, objects or people. |
Input | Sensor parameters |
Output | Operational status |
TRL | 3 |
General Description
The RSC (Run-Time Safety Checker) is a software module proposed for controlling and managing the parameters that could be critical for the flight of the drone. Its implementation is based on predefined Safety Rules, which define how the component functions: it is activated whenever one of the safety rules fails, and it then implements a resolution procedure. The module has to manage several parameters and their combinations, because the conditions that may occur are varied.
Specification and contribution
The C4D project considered a scenario involving bad atmospheric conditions. Particular temperature and humidity values can affect the navigation of the drone to the point of compromising the mission, so these parameters must be constantly monitored and kept under control. Two different risky situations have been considered:
- A critical battery temperature value, exceeding the battery's safe thresholds, can lead to early battery discharge or compromise its operation;
- A combination of low temperature and high humidity could cause icing on the drone's control surfaces, compromising the flight attitude or, in the worst case, stalling it.
The module monitors, at runtime, the parameter values acquired by the on-board sensors. Sensor parameter values are the input of the Runtime Monitoring, which checks the range to which each value belongs. The ranges define three different states: safe, warning and critical. In the safe state the drone flies normally; in the critical state the drone should abort its mission and land immediately, since safe flying conditions no longer exist. The module activates a safety procedure whenever one or more thresholds are exceeded, in other words, every time a safety rule is broken. When this occurs, the module changes its state to Warning or Critical, depending on the values of the parameters, and the RSC handles the risky situation by carrying out the operations defined for that specific status.
Design and Implementation
The component is delivered as a software library developed in C++. Its entry point is the RuntimeMonitor, which takes as input a vector of float values containing the battery temperature, the external temperature and the humidity, as registered by the sensors. These are then fed to the AssessmentManager, which dispatches calls to the RSCController and the DecisionHandler. Using the methods provided by the SafetyChecker, the RSCController evaluates the situation according to the values it received as input; the DecisionHandler then takes the output of the RSCController as its input and sends out the situation assessment.
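A minimal sketch of the two safety rules and three states described above, added here as an illustration and not taken from the C4D library. The function names, every threshold, and the fail-safe handling of malformed input are assumptions; the page does not give the project's actual values.

```cpp
#include <algorithm>
#include <cmath>
#include <vector>

// Added illustration, not the C4D library's code. All thresholds below are
// constructed placeholders, not values from the project's risk assessment.
enum class State { Safe = 0, Warning = 1, Critical = 2 };

struct Band { float warn_low, warn_high, crit_low, crit_high; };

// Hypothetical battery-temperature band in degrees Celsius.
constexpr Band kBattery{5.0f, 45.0f, 0.0f, 60.0f};

// Rule 1: battery temperature outside its safe range.
State checkBattery(float t) {
    if (t <= kBattery.crit_low || t >= kBattery.crit_high) return State::Critical;
    if (t <= kBattery.warn_low || t >= kBattery.warn_high) return State::Warning;
    return State::Safe;
}

// Rule 2: icing needs BOTH low external temperature and high humidity,
// so a cold but dry reading must not trip the rule.
State checkIcing(float ext_t, float humidity) {
    if (ext_t <= 0.0f && humidity >= 90.0f) return State::Critical;
    if (ext_t <= 3.0f && humidity >= 80.0f) return State::Warning;
    return State::Safe;
}

// Input order follows the page: battery temp, external temp, humidity (%).
// Assumption: malformed or non-finite input is treated as Critical (fail-safe),
// because a silent sensor fault must not read as "safe to fly".
State assess(const std::vector<float>& v) {
    if (v.size() != 3) return State::Critical;
    for (float x : v)
        if (!std::isfinite(x)) return State::Critical;
    if (v[2] < 0.0f || v[2] > 100.0f) return State::Critical;
    // The overall status is the worst state reported by any rule.
    return std::max(checkBattery(v[0]), checkIcing(v[1], v[2]));
}
```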