search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[FLYWOOF411] add board documentation
[inav/snaewe.git] / src / main / flight / failsafe.c
blob6ac2783c187111f3b541fb8bf072ae65c71fe707
1 /*
2 * This file is part of Cleanflight.
3 *
4 * Cleanflight is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation, either version 3 of the License, or
7 * (at your option) any later version.
8 *
9 * Cleanflight is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with Cleanflight. If not, see <http://www.gnu.org/licenses/>.
16 */
17
18 #include <stdbool.h>
19 #include <stdint.h>
20
21 #include "platform.h"
22
23 #include "build/build_config.h"
24
25 #include "build/debug.h"
26
27 #include "common/axis.h"
28
29 #include "config/feature.h"
30 #include "config/parameter_group.h"
31 #include "config/parameter_group_ids.h"
32
33 #include "drivers/time.h"
34
35 #include "io/beeper.h"
36
37 #include "fc/fc_core.h"
38 #include "fc/config.h"
39 #include "fc/rc_controls.h"
40 #include "fc/rc_modes.h"
41 #include "fc/runtime_config.h"
42 #include "fc/controlrate_profile.h"
43
44 #include "flight/failsafe.h"
45 #include "flight/mixer.h"
46 #include "flight/pid.h"
47
48 #include "navigation/navigation.h"
49
50 #include "rx/rx.h"
51
52 #include "sensors/sensors.h"
53
54 /*
55 * Usage:
56 *
57 * failsafeInit() and failsafeReset() must be called before the other methods are used.
58 *
59 * failsafeInit() and failsafeReset() can be called in any order.
60 * failsafeInit() should only be called once.
61 *
62 * enable() should be called after system initialisation.
63 */
64
65 static failsafeState_t failsafeState;
66
67 PG_REGISTER_WITH_RESET_TEMPLATE(failsafeConfig_t, failsafeConfig, PG_FAILSAFE_CONFIG, 1);
68
69 PG_RESET_TEMPLATE(failsafeConfig_t, failsafeConfig,
70 .failsafe_delay = 5, // 0.5 sec
71 .failsafe_recovery_delay = 5, // 0.5 seconds (plus 200ms explicit delay)
72 .failsafe_off_delay = 200, // 20sec
73 .failsafe_throttle = 1000, // default throttle off.
74 .failsafe_throttle_low_delay = 0, // default throttle low delay for "just disarm" on failsafe condition
75 .failsafe_procedure = FAILSAFE_PROCEDURE_AUTO_LANDING, // default full failsafe procedure
76 .failsafe_fw_roll_angle = -200, // 20 deg left
77 .failsafe_fw_pitch_angle = 100, // 10 deg dive (yes, positive means dive)
78 .failsafe_fw_yaw_rate = -45, // 45 deg/s left yaw (left is negative, 8s for full turn)
79 .failsafe_stick_motion_threshold = 50,
80 .failsafe_min_distance = 0, // No minimum distance for failsafe by default
81 .failsafe_min_distance_procedure = FAILSAFE_PROCEDURE_DROP_IT, // default minimum distance failsafe procedure
82 .failsafe_mission = true, // Enable failsafe in WP mode or not
83 );
84
85 typedef enum {
86 FAILSAFE_CHANNEL_HOLD, // Hold last known good value
87 FAILSAFE_CHANNEL_NEUTRAL, // RPY = zero, THR = zero
88 FAILSAFE_CHANNEL_AUTO, // Defined by failsafe configured values
89 } failsafeChannelBehavior_e;
90
91 typedef struct {
92 bool bypassNavigation;
93 bool forceAngleMode;
94 failsafeChannelBehavior_e channelBehavior[4];
95 } failsafeProcedureLogic_t;
96
97 static const failsafeProcedureLogic_t failsafeProcedureLogic[] = {
98 [FAILSAFE_PROCEDURE_AUTO_LANDING] = {
99 .bypassNavigation = true,
100 .forceAngleMode = true,
101 .channelBehavior = {
102 FAILSAFE_CHANNEL_AUTO, // ROLL
103 FAILSAFE_CHANNEL_AUTO, // PITCH
104 FAILSAFE_CHANNEL_AUTO, // YAW
105 FAILSAFE_CHANNEL_AUTO // THROTTLE
106 }
107 },
108
109 [FAILSAFE_PROCEDURE_DROP_IT] = {
110 .bypassNavigation = true,
111 .forceAngleMode = true,
112 .channelBehavior = {
113 FAILSAFE_CHANNEL_NEUTRAL, // ROLL
114 FAILSAFE_CHANNEL_NEUTRAL, // PITCH
115 FAILSAFE_CHANNEL_NEUTRAL, // YAW
116 FAILSAFE_CHANNEL_NEUTRAL // THROTTLE
117 }
118 },
119
120 [FAILSAFE_PROCEDURE_RTH] = {
121 .bypassNavigation = false,
122 .forceAngleMode = true,
123 .channelBehavior = {
124 FAILSAFE_CHANNEL_NEUTRAL, // ROLL
125 FAILSAFE_CHANNEL_NEUTRAL, // PITCH
126 FAILSAFE_CHANNEL_NEUTRAL, // YAW
127 FAILSAFE_CHANNEL_HOLD // THROTTLE
128 }
129 },
130
131 [FAILSAFE_PROCEDURE_NONE] = {
132 .bypassNavigation = false,
133 .forceAngleMode = false,
134 .channelBehavior = {
135 FAILSAFE_CHANNEL_HOLD, // ROLL
136 FAILSAFE_CHANNEL_HOLD, // PITCH
137 FAILSAFE_CHANNEL_HOLD, // YAW
138 FAILSAFE_CHANNEL_HOLD // THROTTLE
139 }
140 }
141 };
142
143 /*
144 * Should called when the failsafe config needs to be changed - e.g. a different profile has been selected.
145 */
146 void failsafeReset(void)
147 {
148 failsafeState.rxDataFailurePeriod = PERIOD_RXDATA_FAILURE + failsafeConfig()->failsafe_delay * MILLIS_PER_TENTH_SECOND;
149 failsafeState.rxDataRecoveryPeriod = PERIOD_RXDATA_RECOVERY + failsafeConfig()->failsafe_recovery_delay * MILLIS_PER_TENTH_SECOND;
150 failsafeState.validRxDataReceivedAt = 0;
151 failsafeState.validRxDataFailedAt = 0;
152 failsafeState.throttleLowPeriod = 0;
153 failsafeState.landingShouldBeFinishedAt = 0;
154 failsafeState.receivingRxDataPeriod = 0;
155 failsafeState.receivingRxDataPeriodPreset = 0;
156 failsafeState.phase = FAILSAFE_IDLE;
157 failsafeState.rxLinkState = FAILSAFE_RXLINK_DOWN;
158 failsafeState.activeProcedure = failsafeConfig()->failsafe_procedure;
159
160 failsafeState.lastGoodRcCommand[ROLL] = 0;
161 failsafeState.lastGoodRcCommand[PITCH] = 0;
162 failsafeState.lastGoodRcCommand[YAW] = 0;
163 failsafeState.lastGoodRcCommand[THROTTLE] = 1000;
164 }
165
166 void failsafeInit(void)
167 {
168 failsafeState.events = 0;
169 failsafeState.monitoring = false;
170 failsafeState.suspended = false;
171 }
172
173 #ifdef USE_NAV
174 bool failsafeBypassNavigation(void)
175 {
176 return failsafeState.active &&
177 failsafeState.controlling &&
178 failsafeProcedureLogic[failsafeState.activeProcedure].bypassNavigation;
179 }
180
181 bool failsafeMayRequireNavigationMode(void)
182 {
183 return (failsafeConfig()->failsafe_procedure == FAILSAFE_PROCEDURE_RTH) ||
184 (failsafeConfig()->failsafe_min_distance_procedure == FAILSAFE_PROCEDURE_RTH);
185 }
186 #endif
187
188 failsafePhase_e failsafePhase(void)
189 {
190 return failsafeState.phase;
191 }
192
193 bool failsafeIsMonitoring(void)
194 {
195 return failsafeState.monitoring;
196 }
197
198 bool failsafeIsActive(void)
199 {
200 return failsafeState.active;
201 }
202
203 bool failsafeShouldApplyControlInput(void)
204 {
205 return failsafeState.controlling;
206 }
207
208 bool failsafeRequiresAngleMode(void)
209 {
210 return failsafeState.active &&
211 failsafeState.controlling &&
212 failsafeProcedureLogic[failsafeState.activeProcedure].forceAngleMode;
213 }
214
215 bool failsafeRequiresMotorStop(void)
216 {
217 return failsafeState.active &&
218 failsafeState.activeProcedure == FAILSAFE_PROCEDURE_AUTO_LANDING &&
219 failsafeConfig()->failsafe_throttle < getThrottleIdleValue();
220 }
221
222 void failsafeStartMonitoring(void)
223 {
224 failsafeState.monitoring = true;
225 }
226
227 static bool failsafeShouldHaveCausedLandingByNow(void)
228 {
229 return failsafeConfig()->failsafe_off_delay && (millis() > failsafeState.landingShouldBeFinishedAt);
230 }
231
232 static void failsafeSetActiveProcedure(failsafeProcedure_e procedure)
233 {
234 failsafeState.activeProcedure = procedure;
235 }
236
237 static void failsafeActivate(failsafePhase_e newPhase)
238 {
239 failsafeState.active = true;
240 failsafeState.controlling = true;
241 failsafeState.phase = newPhase;
242 ENABLE_FLIGHT_MODE(FAILSAFE_MODE);
243 failsafeState.landingShouldBeFinishedAt = millis() + failsafeConfig()->failsafe_off_delay * MILLIS_PER_TENTH_SECOND;
244
245 failsafeState.events++;
246 }
247
248 void failsafeUpdateRcCommandValues(void)
249 {
250 if (!failsafeState.active) {
251 for (int idx = 0; idx < 4; idx++) {
252 failsafeState.lastGoodRcCommand[idx] = rcCommand[idx];
253 }
254 }
255 }
256
257 void failsafeApplyControlInput(void)
258 {
259 // Prepare FAILSAFE_CHANNEL_AUTO values for rcCommand
260 int16_t autoRcCommand[4];
261 if (STATE(FIXED_WING_LEGACY)) {
262 autoRcCommand[ROLL] = pidAngleToRcCommand(failsafeConfig()->failsafe_fw_roll_angle, pidProfile()->max_angle_inclination[FD_ROLL]);
263 autoRcCommand[PITCH] = pidAngleToRcCommand(failsafeConfig()->failsafe_fw_pitch_angle, pidProfile()->max_angle_inclination[FD_PITCH]);
264 autoRcCommand[YAW] = -pidRateToRcCommand(failsafeConfig()->failsafe_fw_yaw_rate, currentControlRateProfile->stabilized.rates[FD_YAW]);
265 autoRcCommand[THROTTLE] = failsafeConfig()->failsafe_throttle;
266 }
267 else {
268 for (int i = 0; i < 3; i++) {
269 autoRcCommand[i] = 0;
270 }
271 autoRcCommand[THROTTLE] = failsafeConfig()->failsafe_throttle;
272 }
273
274 // Apply channel values
275 for (int idx = 0; idx < 4; idx++) {
276 switch (failsafeProcedureLogic[failsafeState.activeProcedure].channelBehavior[idx]) {
277 case FAILSAFE_CHANNEL_HOLD:
278 rcCommand[idx] = failsafeState.lastGoodRcCommand[idx];
279 break;
280
281 case FAILSAFE_CHANNEL_NEUTRAL:
282 switch (idx) {
283 case ROLL:
284 case PITCH:
285 case YAW:
286 rcCommand[idx] = 0;
287 break;
288
289 case THROTTLE:
290 rcCommand[idx] = feature(FEATURE_REVERSIBLE_MOTORS) ? PWM_RANGE_MIDDLE : getThrottleIdleValue();
291 break;
292 }
293 break;
294
295 case FAILSAFE_CHANNEL_AUTO:
296 rcCommand[idx] = autoRcCommand[idx];
297 break;
298 }
299 }
300 }
301
302 bool failsafeIsReceivingRxData(void)
303 {
304 return (failsafeState.rxLinkState == FAILSAFE_RXLINK_UP);
305 }
306
307 void failsafeOnRxSuspend(void)
308 {
309 failsafeState.suspended = true;
310 }
311
312 bool failsafeIsSuspended(void)
313 {
314 return failsafeState.suspended;
315 }
316
317 void failsafeOnRxResume(void)
318 {
319 failsafeState.suspended = false; // restart monitoring
320 failsafeState.validRxDataReceivedAt = millis(); // prevent RX link down trigger, restart rx link up
321 failsafeState.rxLinkState = FAILSAFE_RXLINK_UP; // do so while rx link is up
322 }
323
324 void failsafeOnValidDataReceived(void)
325 {
326 failsafeState.validRxDataReceivedAt = millis();
327 if ((failsafeState.validRxDataReceivedAt - failsafeState.validRxDataFailedAt) > failsafeState.rxDataRecoveryPeriod) {
328 failsafeState.rxLinkState = FAILSAFE_RXLINK_UP;
329 }
330 }
331
332 void failsafeOnValidDataFailed(void)
333 {
334 failsafeState.validRxDataFailedAt = millis();
335 if ((failsafeState.validRxDataFailedAt - failsafeState.validRxDataReceivedAt) > failsafeState.rxDataFailurePeriod) {
336 failsafeState.rxLinkState = FAILSAFE_RXLINK_DOWN;
337 }
338 }
339
340 static bool failsafeCheckStickMotion(void)
341 {
342 if (failsafeConfig()->failsafe_stick_motion_threshold > 0) {
343 uint32_t totalRcDelta = 0;
344
345 totalRcDelta += ABS(rxGetChannelValue(ROLL) - PWM_RANGE_MIDDLE);
346 totalRcDelta += ABS(rxGetChannelValue(PITCH) - PWM_RANGE_MIDDLE);
347 totalRcDelta += ABS(rxGetChannelValue(YAW) - PWM_RANGE_MIDDLE);
348
349 return totalRcDelta >= failsafeConfig()->failsafe_stick_motion_threshold;
350 }
351 else {
352 return true;
353 }
354 }
355
356 static failsafeProcedure_e failsafeChooseFailsafeProcedure(void)
357 {
358 if (FLIGHT_MODE(NAV_WP_MODE) && !failsafeConfig()->failsafe_mission) {
359 return FAILSAFE_PROCEDURE_NONE;
360 }
361
362 // Craft is closer than minimum failsafe procedure distance (if set to non-zero)
363 // GPS must also be working, and home position set
364 if ((failsafeConfig()->failsafe_min_distance > 0) &&
365 ((GPS_distanceToHome * 100) < failsafeConfig()->failsafe_min_distance) &&
366 sensors(SENSOR_GPS) && STATE(GPS_FIX) && STATE(GPS_FIX_HOME)) {
367
368 // Use the alternate, minimum distance failsafe procedure instead
369 return failsafeConfig()->failsafe_min_distance_procedure;
370 }
371
372 return failsafeConfig()->failsafe_procedure;
373 }
374
375 void failsafeUpdateState(void)
376 {
377 if (!failsafeIsMonitoring() || failsafeIsSuspended()) {
378 return;
379 }
380
381 const bool receivingRxDataAndNotFailsafeMode = failsafeIsReceivingRxData() && !IS_RC_MODE_ACTIVE(BOXFAILSAFE);
382 const bool armed = ARMING_FLAG(ARMED);
383 const bool sticksAreMoving = failsafeCheckStickMotion();
384 beeperMode_e beeperMode = BEEPER_SILENCE;
385
386 // Beep RX lost only if we are not seeing data and we have been armed earlier
387 if (!receivingRxDataAndNotFailsafeMode && ARMING_FLAG(WAS_EVER_ARMED)) {
388 beeperMode = BEEPER_RX_LOST;
389 }
390
391 bool reprocessState;
392
393 do {
394 reprocessState = false;
395
396 switch (failsafeState.phase) {
397 case FAILSAFE_IDLE:
398 if (armed) {
399 // Track throttle command below minimum time
400 if (THROTTLE_HIGH == calculateThrottleStatus(THROTTLE_STATUS_TYPE_RC)) {
401 failsafeState.throttleLowPeriod = millis() + failsafeConfig()->failsafe_throttle_low_delay * MILLIS_PER_TENTH_SECOND;
402 }
403 if (!receivingRxDataAndNotFailsafeMode) {
404 if ((failsafeConfig()->failsafe_throttle_low_delay && (millis() > failsafeState.throttleLowPeriod)) || STATE(NAV_MOTOR_STOP_OR_IDLE)) {
405 // JustDisarm: throttle was LOW for at least 'failsafe_throttle_low_delay' seconds or waiting for launch
406 // Don't disarm at all if `failsafe_throttle_low_delay` is set to zero
407 failsafeSetActiveProcedure(FAILSAFE_PROCEDURE_DROP_IT);
408 failsafeActivate(FAILSAFE_LANDED); // skip auto-landing procedure
409 failsafeState.receivingRxDataPeriodPreset = PERIOD_OF_3_SECONDS; // require 3 seconds of valid rxData
410 } else {
411 failsafeState.phase = FAILSAFE_RX_LOSS_DETECTED;
412 }
413 reprocessState = true;
414 }
415 } else {
416 // When NOT armed, show rxLinkState of failsafe switch in GUI (failsafe mode)
417 if (!receivingRxDataAndNotFailsafeMode) {
418 ENABLE_FLIGHT_MODE(FAILSAFE_MODE);
419 } else {
420 DISABLE_FLIGHT_MODE(FAILSAFE_MODE);
421 }
422 // Throttle low period expired (= low long enough for JustDisarm)
423 failsafeState.throttleLowPeriod = 0;
424 }
425 break;
426
427 case FAILSAFE_RX_LOSS_DETECTED:
428 if (receivingRxDataAndNotFailsafeMode) {
429 failsafeState.phase = FAILSAFE_RX_LOSS_RECOVERED;
430 } else {
431 // Set active failsafe procedure
432 failsafeSetActiveProcedure(failsafeChooseFailsafeProcedure());
433
434 switch (failsafeState.activeProcedure) {
435 case FAILSAFE_PROCEDURE_AUTO_LANDING:
436 // Stabilize, and set Throttle to specified level
437 failsafeActivate(FAILSAFE_LANDING);
438 break;
439
440 case FAILSAFE_PROCEDURE_DROP_IT:
441 // Drop the craft
442 failsafeActivate(FAILSAFE_LANDED); // skip auto-landing procedure
443 failsafeState.receivingRxDataPeriodPreset = PERIOD_OF_3_SECONDS; // require 3 seconds of valid rxData
444 break;
445
446 #if defined(USE_NAV)
447 case FAILSAFE_PROCEDURE_RTH:
448 // Proceed to handling & monitoring RTH navigation
449 failsafeActivate(FAILSAFE_RETURN_TO_HOME);
450 activateForcedRTH();
451 break;
452 #endif
453 case FAILSAFE_PROCEDURE_NONE:
454 default:
455 // Do nothing procedure
456 failsafeActivate(FAILSAFE_RX_LOSS_IDLE);
457 break;
458 }
459 }
460 reprocessState = true;
461 break;
462
463 /* A very simple do-nothing failsafe procedure. The only thing it will do is monitor the receiver state and switch out of FAILSAFE condition */
464 case FAILSAFE_RX_LOSS_IDLE:
465 if (receivingRxDataAndNotFailsafeMode && sticksAreMoving) {
466 failsafeState.phase = FAILSAFE_RX_LOSS_RECOVERED;
467 reprocessState = true;
468 }
469 break;
470
471 #if defined(USE_NAV)
472 case FAILSAFE_RETURN_TO_HOME:
473 if (receivingRxDataAndNotFailsafeMode && sticksAreMoving) {
474 abortForcedRTH();
475 failsafeState.phase = FAILSAFE_RX_LOSS_RECOVERED;
476 reprocessState = true;
477 }
478 else {
479 if (armed) {
480 beeperMode = BEEPER_RX_LOST_LANDING;
481 }
482 bool rthLanded = false;
483 switch (getStateOfForcedRTH()) {
484 case RTH_IN_PROGRESS:
485 break;
486
487 case RTH_HAS_LANDED:
488 rthLanded = true;
489 break;
490
491 case RTH_IDLE:
492 default:
493 // This shouldn't happen. If RTH was somehow aborted during failsafe - fallback to FAILSAFE_LANDING procedure
494 abortForcedRTH();
495 failsafeSetActiveProcedure(FAILSAFE_PROCEDURE_AUTO_LANDING);
496 failsafeActivate(FAILSAFE_LANDING);
497 reprocessState = true;
498 break;
499 }
500 if (rthLanded || !armed) {
501 failsafeState.receivingRxDataPeriodPreset = PERIOD_OF_30_SECONDS; // require 30 seconds of valid rxData
502 failsafeState.phase = FAILSAFE_LANDED;
503 reprocessState = true;
504 }
505 }
506 break;
507 #endif
508
509 case FAILSAFE_LANDING:
510 if (receivingRxDataAndNotFailsafeMode && sticksAreMoving) {
511 failsafeState.phase = FAILSAFE_RX_LOSS_RECOVERED;
512 reprocessState = true;
513 }
514 if (armed) {
515 beeperMode = BEEPER_RX_LOST_LANDING;
516 }
517 if (failsafeShouldHaveCausedLandingByNow() || !armed) {
518 failsafeState.receivingRxDataPeriodPreset = PERIOD_OF_30_SECONDS; // require 30 seconds of valid rxData
519 failsafeState.phase = FAILSAFE_LANDED;
520 reprocessState = true;
521 }
522 break;
523
524 case FAILSAFE_LANDED:
525 ENABLE_ARMING_FLAG(ARMING_DISABLED_FAILSAFE_SYSTEM); // To prevent accidently rearming by an intermittent rx link
526 disarm(DISARM_FAILSAFE);
527 failsafeState.receivingRxDataPeriod = millis() + failsafeState.receivingRxDataPeriodPreset; // set required period of valid rxData
528 failsafeState.phase = FAILSAFE_RX_LOSS_MONITORING;
529 failsafeState.controlling = false; // Failsafe no longer in control of the machine - release control to pilot
530 reprocessState = true;
531 break;
532
533 case FAILSAFE_RX_LOSS_MONITORING:
534 // Monitoring the rx link to allow rearming when it has become good for > `receivingRxDataPeriodPreset` time.
535 if (receivingRxDataAndNotFailsafeMode) {
536 if (millis() > failsafeState.receivingRxDataPeriod) {
537 // rx link is good now, when arming via ARM switch, it must be OFF first
538 if (!IS_RC_MODE_ACTIVE(BOXARM)) {
539 // XXX: Requirements for removing the ARMING_DISABLED_FAILSAFE_SYSTEM flag
540 // are tested by osd.c to show the user how to re-arm. If these
541 // requirements change, update osdArmingDisabledReasonMessage().
542 DISABLE_ARMING_FLAG(ARMING_DISABLED_FAILSAFE_SYSTEM);
543 failsafeState.phase = FAILSAFE_RX_LOSS_RECOVERED;
544 reprocessState = true;
545 }
546 }
547 } else {
548 failsafeState.receivingRxDataPeriod = millis() + failsafeState.receivingRxDataPeriodPreset;
549 }
550 break;
551
552 case FAILSAFE_RX_LOSS_RECOVERED:
553 // Entering IDLE with the requirement that throttle first must be at min_check for failsafe_throttle_low_delay period.
554 // This is to prevent that JustDisarm is activated on the next iteration.
555 // Because that would have the effect of shutting down failsafe handling on intermittent connections.
556 failsafeState.throttleLowPeriod = millis() + failsafeConfig()->failsafe_throttle_low_delay * MILLIS_PER_TENTH_SECOND;
557 failsafeState.phase = FAILSAFE_IDLE;
558 failsafeState.active = false;
559 failsafeState.controlling = false;
560 DISABLE_FLIGHT_MODE(FAILSAFE_MODE);
561 reprocessState = true;
562 break;
563
564 default:
565 break;
566 }
567 } while (reprocessState);
568
569 if (beeperMode != BEEPER_SILENCE) {
570 beeper(beeperMode);
571 }
572 }