Autonomous Drone Safety

Imagine flying robots traveling vast distances to deliver packages and taking pictures- doing work that is either too expensive, time-consuming, dangerous or even impossible for humans to do. Not so long ago this may have sounded like pure science fiction, but today it is a reality. The commercial, governmental and hobby use of drones has grown exponentially in the last few years as they have become more widely available, less expensive, more versatile, and have seen significant increases in their performance and battery life. As drone technology became more and more affordable and the equipment became more easily available, business quickly discovered that drones offered a low-cost, effective alternative to commercial aviation providers.

The use of drones was quickly adopted by the film and television industry, with sports broadcasting and law enforcement soon realizing the value and implementing the use of drones in their operations. Scientists have adopted the use of drones to monitor wildlife and to collect data in dangerous situations they have not had access to before such as inside a live volcano. As a basic concept, the idea of an Unmanned Aerial Vehicle (UAV or “drone”) is “childishly” simple: a miniature plane that can be piloted remotely. The major difference between UAVs and the toys of our childhood is the sophistication of the vehicles themselves and of their navigation and pilot systems. Given that these vehicles enter civil airspace and will continue to do so more and more as they begin to be used for an increasing number of civilian activities, the safety and security of UAV software has become critical. It’s paramount that we raise the stakes in terms of the inherent safety of these systems to avoid collisions, and formal guarantees on the safety.This expansion in UAV’s challenges the FAA’s goal “to provide the safest, most efficient aerospace system in the world.” With no human pilot onboard, the control software is chiefly responsible for maintaining UAV safety and security. As demanded by FAA airworthiness rules and the military, as well as for operations close to humans, it is generally necessary to make strong assertions about the safety of a system. This expansion in UAV’s challenges the FAA’s goal “to provide the safest, most efficient aerospace system in the world.” With no human pilot onboard, the control software is chiefly responsible for maintaining UAV safety and security. As demanded by FAA airworthiness rules and the military, as well as for operations close to humans, it is generally necessary to make strong assertions about the safety of a system.TheFAA’s policy statement focused on safety concerns posed by the widespread use of UAVs, which the FAA noted “range in size from wingspans of six inches to 246 feet; and can weigh from approximately four ounces to over 25,600 pounds.” The rapid proliferation of UAV’s also worried the FAA, which noted that in 2007, at least 50 companies, universities, and government organizations were developing and producing some 155 unmanned aircraft designs. “The concern was not only that unmanned aircraft operations might interfere with commercial and general aviation aircraft operations,” wrote the FAA, “but that they could also pose a safety problem for other airborne vehicles, and persons or property on the ground.” The major primary safety concerns arising from the use of UAVs in the United States are:  Inability for UAVs to recognize and avoid other aircraft and airborne objects in a manner similar to manned aircraft;  Vulnerabilities in the command and control of UAV operations. In other words, GPS-jamming, hacking and the potential for cyber-terrorism;  Difficulties in guaranteeing the safety of the system  Complexity of autonomy algorithms and challenges in designing an autonomy architecture for certification. One of the primary consequences of the separation between aircraft and operator is that the operator is deprived of a range of sensory cues that are available to the pilot of a manned aircraft. Therefore, a robot must be able to reliably detect and recognize obstacles before it can avoid them. Rather than receiving direct sensory input from the environment in which his/her vehicle is operating, a UAV operator receives only that sensory information provided by onboard sensors via datalink. Currently, this consists primarily of visual imagery covering a restricted field-of-view. Sensory cues that are lost therefore include ambient visual information, kinesthetic/vestibular input, and sound. As compared to the pilot of a manned aircraft, thus, a UAV operator can be said perform in relative “sensory isolation” from the vehicle under his/her control. Some of the environmental challenges faced by the Drones are from different weather conditions like fog, wind while it can also face a lot of small obstacles on its way. Flying in wind can be difficult and in particular challenges the control and autonomy algorithms to guarantee that correct execution is possible. Collision avoidance is an important requirement for autonomous flights. Although multiple solutions for obstacle detection and collision avoidance of UAV’s exist, these solutions suffer from different drawbacks. In general, the existing solutions can be divided into two types: The first type contains simple collision avoidance solutions which are based on avoiding collisions by steering the vehicle into opposite direction using different techniques. The biggest drawback of such solutions is that it is challenging to guarantee that these steering/reactive methods will reach a goal and that the combined avoidance behavior will avoid all obstacles under all situations. The second type can be described as a search or optimization algorithm based solution. These solutions avoid collisions by mapping, positioning, and planning within a map. Planning enables the drones to deliberately avoid collisions. Compared to the first type, these solutions do not limit the mission, but the collision avoidance requires a more precise understanding of the world and potentially requires considerable memory and computational power compared to the already mentioned simple solutions. Software developed for use in larger drones falls under the guidelines of DO-178, “Software Considerations in Airborne Systems and Equipment Certification.” Both DO-178B and the recently ratifiedSoftware developed for use in larger drones falls under the guidelines of DO-178, “Software Considerations in Airborne Systems and Equipment Certification.” Both DO-178B and the recently ratified DO-178C provide detailed guidelines for the production of all software for airborne systems and equipment, whether safety-critical or not. As part of these guidelines, DO-178B/C defines Design Assurance Levels (DALs) with Level A involving the most rigorous safeguard against failure. Software developed for use in larger drones falls under the guidelines of DO-178, “Software Considerations in Airborne Systems and Equipment Certification.” Both DO-178B and the recently ratified DO-178C provide detailed guidelines for the production of all software for airborne systems and equipment, whether safety-critical or not. As part of these guidelines, DO-178B/C defines Design Assurance Levels (DALs) with Level A involving the most rigorous safeguard against failure. One of the challenges in guaranteeing that autonomous drone software is safe is that the number of test cases required for autonomy algorithms makes their exhaustive generation or testing infeasible with simple methods. The “smartness” of the drone is essentially the number of different behavior the drone can choose from. These choices make verification challenging. Another challenge in DO-178 verification is that the typical fallback for a failure in avionics systems is to hand back control to the pilot. However, for an autonomous drone flying out of line-of-sight this is not an option anymore. One of the focus areas of the AirLab at Carnegie Mellon is to develop safe drones and technologies. Over the years, we have developed many collision avoidance algorithms to avoid collision with the terrain from small quadrotors[4] to medium sized helicopters[5], and full-scale autonomous helicopters[6]. More recently, our group has also started to focus on giving stronger guarantees for the safety of an autonomous system. In particular, we have looked at if we can show the safety trajectories being disturbed by wind[7], guaranteeing avoidance of late detected wires[8], and showing the correctness of motion algorithms . Authors  Sebastian Scherer Sahil Nyati References 1) Calhoun, G.L., Draper, M.H., Ruff, H.A., & Fontejon, J.V. (2002). Utility of a tactile display for cueing faults. Proceedings of the Human Factors and Ergonomics Society 46th Annual Meeting,2144-2148. 2) Van Erp, J.B.F., & Van Breda, L. (1999). Human factors issues and advanced interface design in maritime unmanned aerial vehicles: A project overview (Report TNO TM-99-A004). Soesterberg, The Netherlands: TNO Human Factors Research Institute. 3) Pitchford, Mark. “What’s Needed to Ensure Safety and Security in UAV Software.” Military EmbeddedSystems. 4) Stephen T. Nuske, Sanjiban Choudhury, Sezal Jain, Andrew D. Chambers, Luke Yoder, Sebastian Scherer, Lyle J. Chamberlain,Hugh Cover, and Sanjiv Singh, “Autonomous Exploration and Motion Planning for an Unmanned Aerial Vehicle Navigating Rivers,” Journal of Field Robotics, June, 2015 5) Sebastian Scherer, Sanjiv Singh, Lyle J. Chamberlain, and Mike Elgersma, “Flying Fast and Low Among Obstacles: Methodology and Experiments,” The International Journal of Robotics Research, Vol. 27, No. 5, pp. 549-574, May, 2008 6) Sankalp Arora, Sanjiban Choudhury, Sebastian Scherer, and Daniel Althoff, “A Principled Approach to Enable Safe and High-Performance Maneuvers for Autonomous Rotorcraft,” AHS 70th Annual Forum, Montre ́al, Que ́bec, Canada, May 20–22, May, 2014 7) Daniel Althoff and Sebastian Scherer, “Connected Invariant Sets for High-Speed Motion Planning in Partially-Known Environments,” 2015 IEEE International Conference on Robotics and Automation, March, 2015 8) Daniel Althoff, Matthias Althoff, and Sebastian Scherer, “Online Safety Verification of Trajectories for Unmanned Flight with Offline Computed Robust Invariant Sets,” IEEE/RSJ International Conference on Intelligent Robots and Systems, September, 2015