| blob | 442dd0f7d8f46daf3cc806e8df7bda3fca443621 |
1 /*
2 * This file is part of Cleanflight and Betaflight.
3 *
4 * Cleanflight and Betaflight are free software. You can redistribute
5 * this software and/or modify this software under the terms of the
6 * GNU General Public License as published by the Free Software
7 * Foundation, either version 3 of the License, or (at your option)
8 * any later version.
9 *
10 * Cleanflight and Betaflight are distributed in the hope that they
11 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
12 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13 * See the GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this software.
17 *
18 * If not, see <http://www.gnu.org/licenses/>.
19 */
21 #include <stdbool.h>
22 #include <stdint.h>
50 /*
51 * Usage:
52 *
53 * failsafeInit() and failsafeReset() must be called before the other methods are used.
54 *
55 * failsafeInit() and failsafeReset() can be called in any order.
56 * failsafeInit() should only be called once.
57 *
58 * enable() should be called after system initialisation.
59 */
67 .failsafe_throttle_low_delay = 100, // default throttle low delay for "just disarm" on failsafe condition
68 .failsafe_delay = 15, // 1.5 sec stage 1 period, can regain control on signal recovery, at idle in drop mode
70 .failsafe_switch_mode = FAILSAFE_SWITCH_MODE_STAGE1, // default failsafe switch action is identical to rc link loss
71 .failsafe_procedure = FAILSAFE_PROCEDURE_DROP_IT, // default full failsafe procedure is 0: auto-landing
72 .failsafe_recovery_delay = 10, // 1 sec of valid rx data needed to allow recovering from failsafe procedure
74 );
79 #ifdef USE_GPS_RESCUE
81 #endif
82 };
84 /*
85 * Should called when the failsafe config needs to be changed - e.g. a different profile has been selected.
86 */
88 {
91 // avoid transients and ensure reliable arming for minimum of PERIOD_RXDATA_RECOVERY (200ms)
93 }
94 failsafeState.rxDataRecoveryPeriod = failsafeConfig()->failsafe_recovery_delay * MILLIS_PER_TENTH_SECOND;
96 // PERIOD_RXDATA_RECOVERY (200ms) is the minimum allowed RxData recovery time
98 }
107 }
110 {
115 }
118 {
120 }
123 {
125 }
128 {
130 }
133 {
135 }
138 {
140 }
143 {
145 }
148 {
149 failsafeState.validRxDataReceivedAt += (usSuspendPeriod / 1000); // / 1000 to convert micros to millis
150 }
153 {
154 failsafeState.validRxDataReceivedAt = millis(); // prevent RX link down trigger, restart rx link up
156 }
159 // runs when packets are received for more than the signal validation period (100ms)
160 {
162 // clear RXLOSS in OSD immediately we get a good packet, and un-set its arming block
167 // after initialisation, we sometimes only receive valid packets,
168 // then we don't know how long the signal has been valid for
169 // in this setting, the time the signal first valid is also time it was last valid, so
170 // initialise validRxDataFailedAt to the time of the first valid data
173 // prevent arming until we have valid data for rxDataRecoveryPeriod after initialisation
174 // using the BST flag since no other suitable name....
175 }
177 if (cmp32(failsafeState.validRxDataReceivedAt, failsafeState.validRxDataFailedAt) > (int32_t)failsafeState.rxDataRecoveryPeriod){
178 // rxDataRecoveryPeriod defaults to 1.0s with minimum of PERIOD_RXDATA_RECOVERY (200ms)
181 }
182 }
185 // runs when packets are lost for more than the signal validation period (100ms)
186 {
188 // set RXLOSS in OSD and block arming after 100ms of signal loss (is restored in rx.c immediately signal returns)
191 if ((cmp32(failsafeState.validRxDataFailedAt, failsafeState.validRxDataReceivedAt) > (int32_t)failsafeState.rxDataFailurePeriod)) {
192 // sets rxLinkState = DOWN to initiate stage 2 failsafe, if no validated signal for the stage 1 period
194 // show RXLOSS and block arming
195 }
196 }
199 // runs directly from scheduler, every 10ms, to validate the link
200 {
201 if (cmp32(millis(), failsafeState.validRxDataReceivedAt) > (int32_t)failsafeState.rxDataFailurePeriod) {
202 // sets link DOWN after the stage 1 failsafe period, initiating stage 2
204 // Prevent arming with no RX link
206 }
207 }
210 {
212 }
215 // triggered directly, and ONLY, by the cheduler, at 10ms = PERIOD_RXDATA_FAILURE - intervals
216 {
219 }
222 // should be true when FAILSAFE_RXLINK_UP
223 // FAILSAFE_RXLINK_UP is set in failsafeOnValidDataReceived
224 // failsafeOnValidDataReceived runs from detectAndApplySignalLossBehaviour
230 if (failsafeSwitchIsOn && (failsafeConfig()->failsafe_switch_mode == FAILSAFE_SWITCH_MODE_STAGE2)) {
231 // Aux switch set to failsafe stage2 emulates loss of signal without waiting
234 }
236 // Beep RX lost only if we are not seeing data and we have been armed earlier
239 }
249 // Track throttle command below minimum time
251 failsafeState.throttleLowPeriod = millis() + failsafeConfig()->failsafe_throttle_low_delay * MILLIS_PER_TENTH_SECOND;
252 }
253 if (failsafeSwitchIsOn && (failsafeConfig()->failsafe_switch_mode == FAILSAFE_SWITCH_MODE_KILL)) {
254 // Failsafe switch is configured as KILL switch and is switched ON
259 // go to landed immediately
261 // allow re-arming 1 second after Rx recovery, customisable
265 #ifdef USE_GPS_RESCUE
267 #endif
268 ) {
269 // JustDisarm if throttle was LOW for at least 'failsafe_throttle_low_delay' before failsafe
270 // protects against false arming when the Tx is powered up after the quad
275 // go directly to FAILSAFE_LANDED
277 // allow re-arming 1 second after Rx recovery, customisable
280 }
282 }
284 // When NOT armed, show rxLinkState of failsafe switch in GUI (failsafe mode)
289 }
290 // Throttle low period expired (= low long enough for JustDisarm)
292 }
303 // Enter Stage 2 with settings for landing mode
307 // allow re-arming 1 second after Rx recovery
308 failsafeState.landingShouldBeFinishedAt = millis() + failsafeConfig()->failsafe_off_delay * MILLIS_PER_TENTH_SECOND;
314 // go directly to FAILSAFE_LANDED
316 // allow re-arming 1 second after Rx recovery
318 #ifdef USE_GPS_RESCUE
323 // allow re-arming 3 seconds after Rx recovery
325 #endif
326 }
327 }
338 }
340 // to manually disarm while Landing, aux channels must be enabled
343 }
344 }
346 #ifdef USE_GPS_RESCUE
350 // this test requires stick inputs to be received during GPS Rescue see PR #7936 for rationale
353 }
358 // to manually disarm while in GPS Rescue, aux channels must be enabled
361 }
362 }
364 #endif
368 // prevent accidently rearming by an intermittent rx link
370 // customise receivingRxDataPeriod according to type of failsafe
376 // Monitoring the rx link, allow rearming when it has become good for > `receivingRxDataPeriodPreset` time.
379 // rx link is good now
382 }
385 }
389 // Entering IDLE with the requirement that throttle first must be at min_check for failsafe_throttle_low_delay period.
390 // This is to prevent that JustDisarm is activated on the next iteration.
391 // Because that would have the effect of shutting down failsafe handling on intermittent connections.
392 failsafeState.throttleLowPeriod = millis() + failsafeConfig()->failsafe_throttle_low_delay * MILLIS_PER_TENTH_SECOND;
395 #ifdef USE_GPS_RESCUE
397 #endif
405 }
410 }
411 }