Since programming errors may result in the loss of a drone, there are several safety mechanisms in place. Note that all the features below are autopilot functions that do not depend on the mobile node, i.e., even if the mobile node fails completely, the autopilot will still be able to bring the drone home safely.
Abort Signal (Kill Switch)
The drone is equipped with an RC receiver, and a corresponding RC transmitter on the ground can be used to transmit an abort signal to the drone. The signal is sent on channel 7 and two different actions are available when the signal is triggered:
- Return To Launch (RTL), where the drone aborts its current mission, climbs to a pre-specified altitude (RTL Altitude), then returns to Home (defined as the location where the drone was last armed).
- Land, where the drone aborts the current mission and simply lands at a pre-specified landing speed.
During Land there is no X/Y control, so wind may push the drone into an undesirable landing area. RTL is therefore the preferred abort mode.
GeoFencing
The autopilot we use has the ability to provide geofencing, i.e., to trigger an abort signal if the drone flies outside of a predefined circle, or a predefined polygon. We use the polygon to define the area where the drones can safely fly.
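The polygon fence decision described above can be illustrated with a ray-casting point-in-polygon test. This is an added example, not the autopilot's own code; the fence coordinates, the track and all function names are constructed for illustration, and coordinates are treated as planar, which is adequate for a fence a few kilometres across.

```python
# Added illustration of a polygon geofence check; not the autopilot's implementation.
# FENCE is a constructed, deliberately concave (L-shaped) polygon of (lat, lon) vertices.
FENCE = [
    (40.000, -105.020), (40.000, -105.000), (40.010, -105.000),
    (40.010, -105.010), (40.020, -105.010), (40.020, -105.020),
]

def inside_fence(lat, lon, fence):
    """Return True if (lat, lon) lies inside the polygon (ray casting).

    A ray is cast from the point toward increasing longitude and the edges it
    crosses are counted: an odd count means the point is inside.
    """
    inside = False
    n = len(fence)
    for i in range(n):
        lat1, lon1 = fence[i]
        lat2, lon2 = fence[(i + 1) % n]
        # Half-open straddle test so a shared vertex is never counted twice.
        if (lat1 > lat) != (lat2 > lat):
            # Longitude at which this edge crosses the point's latitude.
            cross_lon = lon1 + (lat - lat1) * (lon2 - lon1) / (lat2 - lat1)
            if lon < cross_lon:
                inside = not inside
    return inside

def first_breach(track, fence):
    """Return the index of the first track position outside the fence, else None."""
    for i, (lat, lon) in enumerate(track):
        if not inside_fence(lat, lon, fence):
            return i
    return None

# Constructed track: starts inside, then drifts into the notch of the L.
# The last two points are inside the fence's bounding box but outside the fence,
# which is why a simple min/max box check is not a substitute for the polygon test.
TRACK = [
    (40.005, -105.015),
    (40.005, -105.005),
    (40.012, -105.005),
    (40.015, -105.005),
]

if __name__ == "__main__":
    idx = first_breach(TRACK, FENCE)
    print("breach at track index:", idx)
```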
Battery Failsafe
The drone has a battery voltage monitor (it also measures current, but the current measurements are not very accurate and not terribly useful), and it can (and should) be set to land if the battery voltage drops too low. This is preferable to the drone crashing due to battery failure. The fail voltage should be about 3.2V*number_of_cells, i.e., 9.6V for our drone.
GPS Failsafe
In case of a GPS failure, the drone will likely be unable to complete its current mission, so it is safer to enable the GPS failsafe, which lands the drone if GPS fails.
GCS Failsafe
The autopilot has the option to abort the mission if it loses contact with the ground control station (GCS). For our missions the GCS is not required, and we therefore do not enable this failsafe.