WP4-07

From COMP4DRONES

Run-Time Safety Checker

ID: WP4-07
Contributor: ROT
Levels: Functional
Require: Safety rules based on risk assessment
Provide: Increasing flight control to prevent harm to drones, objects or people.
Input: Sensor parameters
Output: Operational status
TRL: 3

General Description

The RSC (Run-Time Safety Checker) is a software module proposed for controlling and managing the parameters that could be critical for the flight of the drone. Its implementation is based on predefined Safety Rules, which define how the component functions. The RSC is activated whenever one of the safety rules fails, and it then implements a resolution procedure. The module must manage several parameters and their combinations, because the conditions that may occur are varied.

Specification and contribution

The C4D project considered a scenario involving bad atmospheric conditions. Specific temperature and humidity values can affect the navigation of the drone to the point of compromising the mission, so these parameters must be constantly monitored and kept under control. Two different risky situations have been considered:

  • A critical battery temperature value, exceeding the battery's safe thresholds, can lead to an early battery discharge or compromise its operability;
  • A combination of low temperature and high humidity could cause icing on the drone's control surfaces, compromising the flight attitude or, in the worst case, stalling it.

The module monitors, at runtime, the parameter values acquired by the on-board sensors. Sensor parameter values are the input of the Runtime Monitoring, which checks the range in which these values fall. The ranges define three different states: safe, warning and critical. These cover cases ranging from safe conditions for a normal flight to the need for the drone to abort its mission and land immediately, because conditions for a safe flight are no longer guaranteed. The module activates a safety procedure whenever one or more thresholds are exceeded, in other words, every time a safety rule is broken. When this occurs, the module changes its state to Warning or Critical, depending on the values of the parameters. When the measured values identify a Warning or Critical state, the RSC flags a risky situation and implements the operations defined for that specific status.

Design and Implementation

The component is delivered as a software library developed in C++. Its entry point is the RuntimeMonitor, which takes as input a vector of float values containing the battery temperature, the external temperature and the humidity, as registered by the sensors. These values are then fed to the AssessmentManager, which takes care of dispatching calls to the RSCController and the DecisionHandler. Using the methods provided by the SafetyChecker, the RSCController evaluates the situation according to the values it received as input; afterwards, the DecisionHandler takes the output of the RSCController as its input and sends out the situation assessment.

WP4-07-ROT Runtime Safety Checker information flow
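
The following is an added example, not code from the RSC library: a sketch of the three-state assessment over the input vector described above, including the combined low-temperature and high-humidity icing rule. The function names, the `Limits` struct and all threshold values are assumptions made for illustration, and only an upper battery-temperature limit is modelled.

```cpp
#include <algorithm>
#include <cmath>
#include <vector>

// Three states named on the page, ordered so the worst one compares highest.
enum class State { Safe = 0, Warning = 1, Critical = 2 };

// Assumed thresholds (illustrative only); real values come from the risk assessment.
struct Limits {
    float batt_warn = 50.0f, batt_crit = 60.0f;        // battery temperature, deg C
    float ice_temp_warn = 5.0f, ice_temp_crit = 0.0f;  // external temperature, deg C
    float ice_hum_warn = 70.0f, ice_hum_crit = 85.0f;  // relative humidity, %
};

// Rule 1: battery temperature above its safe threshold.
State check_battery(float t, const Limits& l) {
    if (t >= l.batt_crit) return State::Critical;
    if (t >= l.batt_warn) return State::Warning;
    return State::Safe;
}

// Rule 2: icing requires low temperature AND high humidity together.
State check_icing(float ext_t, float hum, const Limits& l) {
    if (ext_t <= l.ice_temp_crit && hum >= l.ice_hum_crit) return State::Critical;
    if (ext_t <= l.ice_temp_warn && hum >= l.ice_hum_warn) return State::Warning;
    return State::Safe;
}

// Input layout follows the page: {battery temp, external temp, humidity}.
// Malformed input fails safe to Critical: a NaN compares false against every
// threshold, so without this check a faulty sensor would read as Safe.
State assess(const std::vector<float>& in, const Limits& l = Limits{}) {
    if (in.size() != 3) return State::Critical;
    for (float v : in)
        if (!std::isfinite(v)) return State::Critical;
    if (in[2] < 0.0f || in[2] > 100.0f) return State::Critical;  // impossible humidity
    // The overall state is the worst state reported by any rule.
    return std::max(check_battery(in[0], l), check_icing(in[1], in[2], l));
}
```

Treating a missing, non-finite or out-of-range reading as Critical keeps a sensor fault from silently suppressing the safety procedure.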
