Modified to make mechanism use time instead of counters for call
frequency independency.
Skipping RC samples uses a counter for time independency.
Also LED and beeper patterns were changed by previous implementation.
Corrected with RX supend/resume feedback to failsafe system.
- Added failsafe flightmode and rc control box.
To make failsafe procedure a separate flight mode and make it possible
to trigger failsafe with an AUX switch.
- Failsafe mode is activated when failsafe is active.
RC link lost is simulated with the failsafe AUX switch.
When NOT armed: failsafe switch to failsafe mode is shown in GUI (mode
tab).
- Activate failsafe mode with AUX switch.
- Prevent arming when failsafe via AUX switch is active (safety issue).
- Make failsafe disarm if motors armed and throttle was LOW (2D & 3D)
for `failsafe_throttle_low_delay` time (__JustDisarmEvent__).
Applied code changes to effectively add pull request: Make failsafe
disarm if motors armed and throttle low #717.
- Use failsafeIsMonitoring() to actually start monitoring.
- Added `failsafe_kill_switch` to code.
When set to 1 (0 is default), the failsafe switch will instantly disarm
(__KillswitchEvent__) instead of executing the landings procedure.
Arming is NOT locked after
this, so the craft could be re-armed if needed.
This is intended for racing quads where damage and danger must be
minimized in case of a pilot error.
- Added `failsafe_throttle_low_delay`, adapted documentation.
Used to adjust the time throttle level must have been LOW
to _only disarm_ instead of _full failsafe procedure_
(__JustDisarmEvent__).
- Updated the failsafe documentation.
- Re-enable arming at end of failsafe procedure.
At the end of a handled failsafe event, that means: auto-landing,
__JustDisarmEvent__ or __KillswitchEvent__, the RX link is monitored for
valid data.
Monitoring is a part of the failsafe handling, which means the craft is
still in failsafe mode while this is done.
Arming is re-enabled (allowed) when there is a valid RX link for more
then XX seconds, where XX depends on the handled event like this:
1. XX = 30 seconds after auto landing.
2. XX = 3 seconds after __JustDisarmEvent__.
3. XX = 0 seconds after __KillswitchEvent__.
NOTE: When armed via an AUX switch, you will have to switch to the
disarmed position at the very end to be able to re-arm.
The failsafe mode will not end until you do.
- __KillswitchEvent__ has now priority over __JustDisarmEvent__
- Apply rxfail values instantly when failsafe switch is ON
- Added missing cases to display.c
Show M when failsafe is monitoring for RX recovery (AND disarming when
armed with a switch).
===
Reworked the code from counter-based to time-based.
- AUX failsafe switch now has identical behavior to RX loss.
- Added RX failure and RX recovery timing.
- __KillswitchEvent__ skips RX failure detection delay (direct disarm).
===
[UNIT TESTS]
Adapted failsafe related unittests from counter-based to time-based
- Added failsafeOnValidDataFailed() to some tests
- Removed duplicate test setup from rc_controls_unittest.cc
- Removed magic numbers from rx_ranges_unittest.cc and rx_rx_unittest.cc
- Reworked all test-cases for flight_failsafe_unittest.cc
priority via simpler static declaration - removes giant switch
statement. Use a new method when beeping out GPS status. Lower memory
usage. Smaller code size. Beeper priority now only handled in a single
place.
* fixes issue where indicators would flash when SBus RX entered failsafe
mode.
* fixes bug where turning off a TX for an SBus RX would instantly disarm
when using a switch to arm when the channel went outside the arming
range.
* introduces failsafe phases to make the system more understandable.
* allows the system to ask if rxSignalIsBeing received for all RX
systems: PPM/PWM/SerialRX/MSP. Also works when a serial data signal is
still being received but the data stream indicates a failsafe condition
- e.g. SBus failsafe flags.
* failsafe settings are no-longer per-profile.
Untested: Sumd/Sumh/XBus/MSP (!)
Tested: SBus X8R, Lemon RX Sat, X8R in PWM, Spektrum PPM.
Each flag was previously a whole byte, now all of the flags only take up
4 bytes as they are represented by bit masks.
This is cleaner because the different kind of flags are now separated.
Additionally this changes the behaviour of arming slightly. When using
a switch to arm the aircraft will not arm unless the switch has been in
the off state once. This prevents arming if you power the aircraft with
a low throttle and the switch in the on position.
