Hi,
I'm new to this so this might be completely stupid but bear with me.
I'm thinking about creating a drone with no single-points-of-failure.
Could this work in real life?
Relay 1,2,.. are a bit abstract but the point is that they can select signal from Flight Controller 1 or 2 and Battery 1 or 2.
The relays would probably be controlled by a very simple embedded chip (not pictured) that would monitor both redundant setups (would probably talk to both Onboard Computers) and would trigger the relays to switch in case of an Onboard Computer failure.
Could this work? Would it improve flight safety significantly?
Replies
Very interesting, thanks. I'll need to read up on this!
The Zipline UAV is a good example of increasing fixed wing reliability with selective redundancy:
http://www.bbc.com/news/technology-37646474
The use of redundant rotors has a similar result for multirotors as noted in the Outback 2016 debrief:
http://discuss.ardupilot.org/t/canberrauav-outback-challenge-2016-d...
The UAV Lab at the University of Minnesota has done some good work on increasing the reliability of UAVs. They have found that having redundant servos provides one of the greatest increases in reliability for fixed wings.
http://www.aem.umn.edu/~SeilerControl/SafetyCritical.shtml
Thanks for your excellent answer.
I'm starting to realise that creating a fully redundant system with all sorts of logic for fail-overs might not be the most reliable choice.
I think you need to look at the mean time between failures (MTBF) at both the component level and the system level. By component level I mean objects such as ESC or PX4 etc., not individual transistors & resistors. I expect (based on my own limited experience from multirotor & glider) that most failures are at a system level rather than component.
I expect the failure rate of components like PX4, RX, GPS etc (taken in isolation) to be very low when used within their limits and correctly installed. ESCs and batteries are the components that receive the hardest life as they all handle high currents. Manufacturers make wild claims as to their ratings and are under extreme price pressure. These shall be the points of failure. If the battery and ESCs are all appropriately sized then these should also have a good MTBF too.
Installation of components has a massive bearing on their MTBF through things like signal integrity & grounding, inductive spikes, component cooling (i.e. ESC & battery heatsinking) and, probably most importantly, vibration.
So in short, what I am saying is I believe that most failures are down to the operator through poor build execution or poor piloting.
I think a well-designed system should have a respectable MTBF even without redundancy. The question then becomes: do the redundancy drawbacks such as increased weight, cost and complexity look worthwhile for the given failure rate of a non-redundant system?
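The trade-off raised in this thread can be put into numbers. The following is an added example, not code from any poster: it compares one flight controller/battery/onboard computer chain against two such chains behind a shared relay/monitor stage. The constant-failure-rate model, the "coverage" parameter (chance that a failure is detected and the relays switch) and every MTBF figure are assumptions constructed for illustration.

```python
import math

# Constructed sample figures (assumptions, not measurements from the thread).
MISSION_H = 0.5
CHAIN_MTBF_H = {"flight_controller": 5000.0, "battery": 500.0,
                "onboard_computer": 2000.0}

def reliability(mtbf_h, mission_h):
    """Survival probability over one mission, constant failure rate assumed."""
    return math.exp(-mission_h / mtbf_h)

def series(parts_mtbf_h, mission_h):
    """Every part must survive, so the reliabilities multiply."""
    r = 1.0
    for mtbf_h in parts_mtbf_h:
        r *= reliability(mtbf_h, mission_h)
    return r

def duplex(chain_r, switch_mtbf_h, coverage, mission_h):
    """Two identical chains behind one shared relay/monitor stage.

    coverage: probability that a chain failure is detected and the relays
    actually switch. The relay/monitor stage itself sits in series.
    """
    r_switch = reliability(switch_mtbf_h, mission_h)
    return r_switch * chain_r * (1.0 + (1.0 - chain_r) * coverage)

def breakeven_coverage(chain_r, switch_mtbf_h, mission_h):
    """Minimum coverage for the duplex to match one chain, or None if the
    relay/monitor stage is too unreliable for any coverage to make up for it."""
    r_switch = reliability(switch_mtbf_h, mission_h)
    needed = (1.0 / r_switch - 1.0) / (1.0 - chain_r)
    return needed if needed <= 1.0 else None

if __name__ == "__main__":
    single = series(CHAIN_MTBF_H.values(), MISSION_H)
    print(f"single chain: {single:.6f}")
    for switch_mtbf_h in (10000.0, 300.0):  # constructed: good vs. poor switch
        both = duplex(single, switch_mtbf_h, 0.9, MISSION_H)
        need = breakeven_coverage(single, switch_mtbf_h, MISSION_H)
        print(f"switch MTBF {switch_mtbf_h:>7.0f} h: duplex {both:.6f}, "
              f"break-even coverage {need}")
```

With these constructed figures, the duplex only beats the single chain when the shared relay/monitor stage is far more reliable than the chains it switches between; with the poor switch, no detection coverage can recover the loss.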