Updates and feature additions to failsafe system.

- Added failsafe flightmode and rc control box. To make failsafe procedure a separate flight mode and make it possible to trigger failsafe with an AUX switch. - Failsafe mode is activated when failsafe is active. RC link lost is simulated with the failsafe AUX switch. When NOT armed: failsafe switch to failsafe mode is shown in GUI (mode tab). - Activate failsafe mode with AUX switch. - Prevent arming when failsafe via AUX switch is active (safety issue). - Make failsafe disarm if motors armed and throttle was LOW (2D & 3D) for `failsafe_throttle_low_delay` time (__JustDisarmEvent__). Applied code changes to effectively add pull request: Make failsafe disarm if motors armed and throttle low #717. - Use failsafeIsMonitoring() to actually start monitoring. - Added `failsafe_kill_switch` to code. When set to 1 (0 is default), the failsafe switch will instantly disarm (__KillswitchEvent__) instead of executing the landings procedure. Arming is NOT locked after this, so the craft could be re-armed if needed. This is intended for racing quads where damage and danger must be minimized in case of a pilot error. - Added `failsafe_throttle_low_delay`, adapted documentation. Used to adjust the time throttle level must have been LOW to _only disarm_ instead of _full failsafe procedure_ (__JustDisarmEvent__). - Updated the failsafe documentation. - Re-enable arming at end of failsafe procedure. At the end of a handled failsafe event, that means: auto-landing, __JustDisarmEvent__ or __KillswitchEvent__, the RX link is monitored for valid data. Monitoring is a part of the failsafe handling, which means the craft is still in failsafe mode while this is done. Arming is re-enabled (allowed) when there is a valid RX link for more then XX seconds, where XX depends on the handled event like this: 1. XX = 30 seconds after auto landing. 2. XX = 3 seconds after __JustDisarmEvent__. 3. XX = 0 seconds after __KillswitchEvent__. NOTE: When armed via an AUX switch, you will have to switch to the disarmed position at the very end to be able to re-arm. The failsafe mode will not end until you do. - __KillswitchEvent__ has now priority over __JustDisarmEvent__ - Apply rxfail values instantly when failsafe switch is ON - Added missing cases to display.c Show M when failsafe is monitoring for RX recovery (AND disarming when armed with a switch). === Reworked the code from counter-based to time-based. - AUX failsafe switch now has identical behavior to RX loss. - Added RX failure and RX recovery timing. - __KillswitchEvent__ skips RX failure detection delay (direct disarm). === [UNIT TESTS] Adapted failsafe related unittests from counter-based to time-based - Added failsafeOnValidDataFailed() to some tests - Removed duplicate test setup from rc_controls_unittest.cc - Removed magic numbers from rx_ranges_unittest.cc and rx_rx_unittest.cc - Reworked all test-cases for flight_failsafe_unittest.cc
2025-07-17 05:15:25 +03:00 · 2015-05-05 16:11:05 +02:00 · 2015-05-05 16:11:05 +02:00 · f0681de53d
commit f0681de53d
parent f7530df974
17 changed files with 542 additions and 251 deletions
--- a/src/main/io/serial_msp.c
+++ b/src/main/io/serial_msp.c
@ -131,7 +131,7 @@ void useRcControlsConfig(modeActivationCondition_t *modeActivationConditions, es
 #define MSP_PROTOCOL_VERSION                0

 #define API_VERSION_MAJOR                   1 // increment when major changes are made
-#define API_VERSION_MINOR                   12 // increment when any change is made, reset to zero when major changes are released after changing API_VERSION_MAJOR
+#define API_VERSION_MINOR                   13 // increment when any change is made, reset to zero when major changes are released after changing API_VERSION_MAJOR

 #define API_VERSION_LENGTH                  2

@ -346,6 +346,7 @@ static const box_t boxes[CHECKBOX_ITEM_COUNT + 1] = {
    { BOXSERVO2, "SERVO2;", 24 },
    { BOXSERVO3, "SERVO3;", 25 },
    { BOXBLACKBOX, "BLACKBOX;", 26 },
+    { BOXFAILSAFE, "FAILSAFE;", 27 },
    { CHECKBOX_ITEM_COUNT, NULL, 0xFF }
 };

@ -698,6 +699,10 @@ void mspInit(serialConfig_t *serialConfig)
    }
 #endif

+    if (feature(FEATURE_FAILSAFE)){
+        activeBoxIds[activeBoxIdCount++] = BOXFAILSAFE;
+    }
+
    memset(mspPorts, 0x00, sizeof(mspPorts));
    mspAllocateSerialPorts(serialConfig);
 }
@ -819,7 +824,8 @@ static bool processOutCommand(uint8_t cmdMSP)
            IS_ENABLED(IS_RC_MODE_ACTIVE(BOXAUTOTUNE)) << BOXAUTOTUNE |
            IS_ENABLED(FLIGHT_MODE(SONAR_MODE)) << BOXSONAR |
            IS_ENABLED(ARMING_FLAG(ARMED)) << BOXARM |
-            IS_ENABLED(IS_RC_MODE_ACTIVE(BOXBLACKBOX)) << BOXBLACKBOX;
+            IS_ENABLED(IS_RC_MODE_ACTIVE(BOXBLACKBOX)) << BOXBLACKBOX |
+            IS_ENABLED(FLIGHT_MODE(FAILSAFE_MODE)) << BOXFAILSAFE;
        for (i = 0; i < activeBoxIdCount; i++) {
            int flag = (tmp & (1 << activeBoxIds[i]));
            if (flag)