- Added failsafe flightmode and rc control box.
To make failsafe procedure a separate flight mode and make it possible
to trigger failsafe with an AUX switch.
- Failsafe mode is activated when failsafe is active.
RC link lost is simulated with the failsafe AUX switch.
When NOT armed: failsafe switch to failsafe mode is shown in GUI (mode
tab).
- Activate failsafe mode with AUX switch.
- Prevent arming when failsafe via AUX switch is active (safety issue).
- Make failsafe disarm if motors armed and throttle was LOW (2D & 3D)
for `failsafe_throttle_low_delay` time (__JustDisarmEvent__).
Applied code changes to effectively add pull request: Make failsafe
disarm if motors armed and throttle low #717.
- Use failsafeIsMonitoring() to actually start monitoring.
- Added `failsafe_kill_switch` to code.
When set to 1 (0 is default), the failsafe switch will instantly disarm
(__KillswitchEvent__) instead of executing the landing procedure.
Arming is NOT locked after this, so the craft could be re-armed if needed.
This is intended for racing quads where damage and danger must be
minimized in case of a pilot error.
- Added `failsafe_throttle_low_delay`, adapted documentation.
Used to adjust the time throttle level must have been LOW
to _only disarm_ instead of _full failsafe procedure_
(__JustDisarmEvent__).
- Updated the failsafe documentation.
- Re-enable arming at end of failsafe procedure.
At the end of a handled failsafe event, that means: auto-landing,
__JustDisarmEvent__ or __KillswitchEvent__, the RX link is monitored for
valid data.
Monitoring is a part of the failsafe handling, which means the craft is
still in failsafe mode while this is done.
Arming is re-enabled (allowed) when there is a valid RX link for more
than XX seconds, where XX depends on the handled event like this:
1. XX = 30 seconds after auto landing.
2. XX = 3 seconds after __JustDisarmEvent__.
3. XX = 0 seconds after __KillswitchEvent__.
NOTE: When armed via an AUX switch, you will have to switch to the
disarmed position at the very end to be able to re-arm.
The failsafe mode will not end until you do.
- __KillswitchEvent__ now has priority over __JustDisarmEvent__
- Apply rxfail values instantly when failsafe switch is ON
- Added missing cases to display.c
Show M when failsafe is monitoring for RX recovery (AND disarming when
armed with a switch).
===
Reworked the code from counter-based to time-based.
- AUX failsafe switch now has identical behavior to RX loss.
- Added RX failure and RX recovery timing.
- __KillswitchEvent__ skips RX failure detection delay (direct disarm).
===
[UNIT TESTS]
Adapted failsafe related unittests from counter-based to time-based
- Added failsafeOnValidDataFailed() to some tests
- Removed duplicate test setup from rc_controls_unittest.cc
- Removed magic numbers from rx_ranges_unittest.cc and rx_rx_unittest.cc
- Reworked all test-cases for flight_failsafe_unittest.cc
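
The time-based re-arm monitoring described in the commit message above, as an added sketch that is not Cleanflight's own code. All type and function names are hypothetical; only the 30/3/0 second delays and the arm-switch condition come from the message, and restarting the timer on every link drop is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical names; only the delays (30 s / 3 s / 0 s) come from the commit message. */
typedef enum { EV_LANDED, EV_JUST_DISARM, EV_KILLSWITCH } handledEvent_e;

typedef struct {
    handledEvent_e event;   /* which failsafe event was just handled */
    uint32_t validSinceMs;  /* start of the current run of valid RX data */
    bool linkValid;         /* was the RX link valid at the last update? */
    bool armingAllowed;     /* false while still in failsafe mode (monitoring) */
} rxMonitor_t;

static uint32_t requiredValidMs(handledEvent_e ev)
{
    switch (ev) {
    case EV_LANDED:      return 30000;
    case EV_JUST_DISARM: return 3000;
    case EV_KILLSWITCH:  return 0;
    }
    return 30000; /* unknown event: fall back to the longest delay */
}

void monitorStart(rxMonitor_t *m, handledEvent_e ev, uint32_t nowMs)
{
    m->event = ev;
    m->validSinceMs = nowMs;
    m->linkValid = false;
    m->armingAllowed = false;
}

/* Call every cycle. Returns true once arming is re-enabled. */
bool monitorUpdate(rxMonitor_t *m, uint32_t nowMs, bool rxValid, bool armSwitchOn)
{
    if (m->armingAllowed) return true;
    if (!rxValid) { m->linkValid = false; return false; }  /* assumption: a drop restarts the timer */
    if (!m->linkValid) { m->linkValid = true; m->validSinceMs = nowMs; }
    /* Unsigned subtraction stays correct when the millisecond counter wraps.
       ">=" is used so the 0 s killswitch case re-enables at once (assumption). */
    bool heldLongEnough = (uint32_t)(nowMs - m->validSinceMs) >= requiredValidMs(m->event);
    /* An arm switch left in the armed position keeps the craft in failsafe mode. */
    m->armingAllowed = heldLongEnough && !armSwitchOn;
    return m->armingAllowed;
}
```

Computing elapsed time by unsigned subtraction avoids the kind of counter-wrap glitch a later message on this page describes (a flag reset every ~71 minutes).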
Fixed grammar, typos, and adjusted formatting. Added additional
explanation on items, and added a step by step instruction to setting
up failsafe for the first time.
The old code was using f.ACC_CALIBRATED to mean 'flash the warning led'
and 'prevent arming'
There was another flag called f.OK_TO_ARM which really meant 'prevent
arming after failsafe unless using a switch to arm' - this meant the
comment in the code was incorrect since it did not mention the switch.
There was code which every ~71 minutes would set f.ACC_CALIBRATED to
FALSE and would toggle the LED, even when flying.
There was code that was run during every cycle that did not need to be
run when armed.
There was code that was run during every cycle which did not need to be
run when waiting for calibration to finish.
The warning light was toggled regardless of actual accelerometer
calibration state.
This commit fixes all that and prevents the user from arming after a
failsafe landing until the system is reset, regardless of whether a
switch is used to arm or not.
This commit also flashes the warning led during barometer calibration
and will not let you arm until it has completed.
Add a 5 second delay on startup to failsafe to prevent failsafe from
activating in the case of TX/RX gear with long bind procedures before
they send out valid data.
Failsafe now only prevents re-arming if a landing was forced.
In the case when you power on your RX without your TX on, the beeper
sounds and failsafe warning lights are activated. When the FC then
detects a signal the lights go off and you can then arm.
systems and Parallel PWM/PPM systems.
Added setting for failsafe_max_usec. Renamed failsafe_detect_threshold
to failsafe_min_usec.
Failsafe now detects when a PPM/PWM RX isn't sending ANY data out on
CH1-4. See documentation notes regarding Graupner receivers in
Failsafe.md.
Documented failsafe system.