This documentation is under construction. Help us improve it by sending your recommendations and suggestions to support@ara-uas.com.
Failsafes
- Hadrien Beck (Deactivated)
- Abbas Chamseddine
- Elena Toutchinskaia (Deactivated)
This page explains how Failsafes operate and how to configure them.
Page Summary
Description
The failsafes layer is the last chain of actions taken when the main components of the UAS stop responding. The goal of this module is to ensure protection of the UAS and its payload when dysfunctions take place.
What are the available failsafes modules?
UAS operations are protected against:
- Low battery
- Loss of GPS fix or navigation devices
- Loss of communication link between the UAS and the Data Link
- Loss of the radio controller (RC)
Failsafes Modules
In this section, we will describe each failsafe module individually, explain when they will trigger and if it is possible, how they can be configured.
Manual Recovery after a Failsafe
When the UAS have triggered a Failsafe, the pilot can regain control by switching to manual mode. In this case, the pilot must have sufficient skills to manually fly the UAS and must land safely the UAS as soon as possible.
Battery Failsafe
This failsafe prevents abnormal behaviour due to low battery charge. This failsafe has three different stages.
Stage 1
Battery stage 1 is the first trigger about the battery charge. By default, the first stage battery failsafe is set to 3.9V/cell in Sky Control. Both the voltage value of the first stage and the action that will occur, can be changed in the UAS Configuration section in SkyControl, as shown in the figure below.
Stage 2
Battery stage 2 is triggered when the voltage per cell goes below the recommended value of 3.7V/cell. This voltage value and the action that will occur, are configurable in SkyControl, as shown in the figure below.
Exiting Battery FailSafe
During the autonomous RTL and landing or Recovery Landing, the pilot can always regain control of the UAS if he judges that the autonomous maneuver is being unsafe. The pilot can regain control by switching to manual mode. In this case, the pilot must have sufficient skills to manually fly the UAS and must safely land it as soon as possible.
Stage 3
Battery stage 3 is set to 3.3V/cell and is not configurable. At this point, the UAS is having a serious lack of battery power, the pilot should avoid getting to this point.
Battery FailSafe Stage 3 in Assisted Modes
At Stage 3, the UAS will be set into the Recovery Landing mode. The pilot can regain control by switching to manual mode. When the UAS is operated in manual mode, no actions are triggered at this stage, only a warning message is issued.
Exiting Battery FailSafe
During the autonomous RTL and landing or the Recovery Landing, the pilot can always regain control of the UAS if he judges that the autonomous maneuver is unsafe. The pilot can regain control by switching to manual mode. In this case, the pilot must have sufficient skills to manually fly the UAS and must safely land it as soon as possible.
INS Failsafe
The INS has four possible status:
INS Position
The INS has full position navigation solution if a GPS antenna is installed and GPS fix is available along with good position/velocity accuracy.
INS Altitude
The INS has only the altitude navigation solution if no GPS antenna is installed, or if a GPS antenna is installed but no GPS fix is available in the flight zone.
INS Attitude
The INS has only the attitude solution if no GPS fix is available and the barometer is no longer reliable.
INS Broken
When no navigation devices are available, the INS will be declared as broken.
The INS failsafe ensures that the UAS has the best INS navigation solution available at all times. The failsafe module will take different actions depending on the current flight mode and the available navigation solution. The table here-after summarizes the actions taken by the INS failsafe module. The columns represent the currently flown mode, whereas the rows represent the INS status.
| Flying in Mission, RTL or Position Mode | Flying in Altitude Mode | Flying in Manual Mode | |
|---|---|---|---|
| and INS full position is available | No action is taken | Failsafe will allow to switch to mission, RTL or position mode when these modes are requested by the pilot | Failsafe will allow to switch to mission, RTL or position mode when these modes are requested by the pilot |
| and only INS altitude is available | Failsafe will automatically switch to altitude mode and prevent switching to higher modes even if they are requested by the pilot | No action is taken | Failsafe will allow to switch to altitude mode if requested by the pilot |
| and only INS attitude is available | Failsafe will automatically switch to manual mode and prevent switching to higher modes even if they are requested by the pilot | Failsafe will automatically switch to manual mode and prevent switching to higher modes even if they are requested by the pilot | No action is taken |
| and INS is declared as broken | UAS will kill | UAS will kill | UAS will kill |
INS Status
INS current status can be known through the LED indicator, as explained here. SkyControl messages will also inform the pilot about any changes about INS status.
Data Link Failsafe
The Data Link failsafe only applies to mission mode. This module protects against the loss of communication between SKYMATE and SkyControl.
Stage 1
Data Link stage 1 is the first trigger when your Data Link is not responding. By default, the first stage of Data Link failsafe is set to 2 seconds in SkyControl. You can change both the elapsed time of the first stage and the action that will occur, in the UAS Configuration section of SkyControl, as shown in the figure below.
Stage 2
Data Link stage 2 is triggered after the amount of time set in the Configuration section.
Stage 3
Data Link stage 3 is triggered after the amount of time set in the Configuration section.
Data Link Regain
If Data Link is restored, the current mission could be restarted by pressing the play button.
Exiting Data Link Failsafe
During the autonomous RTL and landing or the Recovery Landing, the pilot can always regain control of the UAS if he judges that the autonomous RTL and landing is unsafe. The pilot can regain control by switching to position or manual mode.
Radio Controller Failsafe
The radio controller is the most critical component of the UAS, as it is essential in all flight modes. Loss of radio control can take place due to low RC batteries, out-of-range UAS or faulty RC. The radio failsafe is build with two stages of action.
Stage 1
Immediately after the RC is detected as completely not alive, an RC Stage 1 warning will appear. The user can choose to trig no action or a hovering action, as shown in the image below:
The failsafe module will take different actions, depending on the current flight mode and the available navigation solution. If the UAS is flown in:
RTL Mode
→ No action is taken
Position Mode
→ The UAS will switch to mission mode, keep its current altitude and pause.
Altitude or Manual Mode
→ If the INS full position solution is available, the UAS will switch to mission mode, keep its current altitude and pause.
Stage 2
After the configurable amount of time is set in SkyControl for Stage 2, an RC Stage 2 error will appear.
At this moment, SKYMATE flight mode will change to the one selected in the configuration menu.
Exiting RC Failsafe
During the autonomous RTL and landing or Recovery Landing, the pilot can always regain control of the UAS if the RC communication is restored. In this case, the pilot must toggle the mode switch to regain control and choose the desired mode. If the mission mode is selected again, the UAS will pause until the pilot restarts the mission.
RC Failsafe
If the RC communication is restored after a loss, it is recommended to land the UAS and investigate the cause of the problem before flying again.
© ARA Robotique Inc - 2018