Summary: To handle undesirable failures of a multicopter, which may occur either during pre-flight or in flight, a failsafe mechanism design method based on supervisory control theory (SCT) is proposed for the semi-autonomous control mode. The failsafe mechanism is control logic that determines what subsequent actions the multicopter should take, taking into account real-time information from the guidance, attitude control, diagnosis and other low-level subsystems. To design a failsafe mechanism for multicopters, the safety issues of multicopters are first introduced. Then, user requirements, comprising functional requirements and safety requirements, are described textually: the functional requirements guide the modelling of a general multicopter plant, and the safety requirements cover the failsafe measures that address the presented safety issues. Based on these requirements, several multicopter modes and events are defined, and the multicopter plant and the control specifications are modelled as automata. A supervisor is then synthesized using SCT. In addition, the authors present three examples that demonstrate the conflicting phenomena that can arise from inappropriately designed control specifications. Finally, based on the obtained supervisor, an implementation method suitable for multicopters is presented, in which the supervisor is transformed into decision-making code.
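The pipeline the abstract outlines (plant and specification automata, supervisor synthesis by SCT, and translation of the supervisor into decision-making code), as an added example that is not from the paper: a minimal Ramadge-Wonham style synthesis in Python over a constructed multicopter plant, contrasting an ill-posed specification that tries to forbid a sensed event with a well-posed one. All mode and event names, the automata and both specifications are constructed here and are not the paper's models.

```python
def automaton(init, delta, marked):  # delta maps (state, event) -> next state
    return {"init": init, "delta": delta, "marked": set(marked), "alphabet": {e for _, e in delta}}

def sync(a, b):
    """Synchronous product: shared events move both automata, private events move one."""
    init, alphabet = (a["init"], b["init"]), a["alphabet"] | b["alphabet"]
    delta, seen, todo = {}, {init}, [init]
    while todo:
        q = todo.pop()
        for e in alphabet:  # e fires only if every automaton owning e allows it
            na = a["delta"].get((q[0], e)) if e in a["alphabet"] else q[0]
            nb = b["delta"].get((q[1], e)) if e in b["alphabet"] else q[1]
            if na is not None and nb is not None:
                delta[(q, e)] = (na, nb)
                if (na, nb) not in seen:
                    seen.add((na, nb)); todo.append((na, nb))
    marked = {q for q in seen if q[0] in a["marked"] and q[1] in b["marked"]}
    return {"init": init, "delta": delta, "marked": marked, "alphabet": alphabet, "states": seen}

def supremal(plant, spec, uncontrollable):
    """Supervisor: supremal controllable, nonblocking part of plant || spec, as {state: enabled events}."""
    k = sync(plant, spec)
    good = set(k["states"])
    while True:
        bad = {q for q in good for e in uncontrollable  # controllability: sensed events stay enabled
               if (q[0], e) in plant["delta"] and k["delta"].get((q, e)) not in good}
        coreach, step = k["marked"] & good, True  # nonblocking: every kept state reaches a marked one
        while step:
            step = {q for (q, _), n in k["delta"].items() if q in good and n in coreach} - coreach
            coreach |= step
        bad |= good - coreach
        if not bad:
            break
        good -= bad
    return {q: {e for e in k["alphabet"] if k["delta"].get((q, e)) in good} for q in good}

# Constructed multicopter plant: flight modes || battery status (all names are made up here).
CTRL, UNCTRL = {"arm", "disarm", "takeoff", "cruise", "rtl", "land"}, {"batt_low"}
flight = automaton("ground", {("ground", "arm"): "armed", ("armed", "disarm"): "ground",
                              ("armed", "takeoff"): "hover", ("hover", "cruise"): "cruise",
                              ("cruise", "rtl"): "hover", ("hover", "land"): "ground"}, {"ground"})
plant = sync(flight, automaton("ok", {("ok", "batt_low"): "low"}, {"ok", "low"}))
# Ill-posed spec: "battery never goes low while cruising" tries to forbid the sensed event batt_low.
spec_bad = automaton("nc", {("nc", "cruise"): "cr", ("cr", "rtl"): "nc", ("nc", "batt_low"): "nc"}, {"nc", "cr"})
# Well-posed spec: once batt_low is sensed, takeoff and cruise are no longer permitted.
spec_good = automaton("normal", {("normal", "batt_low"): "low", ("normal", "cruise"): "normal",
                                 ("normal", "takeoff"): "normal"}, {"normal", "low"})

def allowed_commands(supervisor, mode):  # decision-making step run by the failsafe logic
    return supervisor.get(mode, set()) & CTRL
```

With `spec_bad` the synthesized supervisor never permits `cruise` on a healthy battery yet permits it once the battery is low, which is the kind of unintended outcome an inappropriate specification produces; `spec_good` keeps normal flight and only restricts commands after `batt_low` is sensed.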