Located under the Features top-level menu. Allows configuring the failsafe procedure (like selecting GPS-RESCUE if applicable).
Bounded with `#ifdef USE_CMS_FAILSAFE_MENU` so it can be disabled for space critical targets.
The `failsafe_kill_switch` parameter has been renamed to
`failsafe_switch_mode` and it determines what happens
when the Failsafe mode is activated with an AUX switch.
It takes one of three values:
0 - simulates RC signal loss - thus activates Stage1 failsafe
(former behavior when kill switch option was OFF)
1 - disarms immediately
(former behavior when kill switch option was ON)
2 - activates the failsafe procedure (Stage2) immediately (new)
Modified to make mechanism use time instead of counters for call
frequency independency.
Skipping RC samples uses a counter for time independency.
Also LED and beeper patterns were changed by previous implementation.
Corrected with RX supend/resume feedback to failsafe system.
- Added failsafe flightmode and rc control box.
To make failsafe procedure a separate flight mode and make it possible
to trigger failsafe with an AUX switch.
- Failsafe mode is activated when failsafe is active.
RC link lost is simulated with the failsafe AUX switch.
When NOT armed: failsafe switch to failsafe mode is shown in GUI (mode
tab).
- Activate failsafe mode with AUX switch.
- Prevent arming when failsafe via AUX switch is active (safety issue).
- Make failsafe disarm if motors armed and throttle was LOW (2D & 3D)
for `failsafe_throttle_low_delay` time (__JustDisarmEvent__).
Applied code changes to effectively add pull request: Make failsafe
disarm if motors armed and throttle low #717.
- Use failsafeIsMonitoring() to actually start monitoring.
- Added `failsafe_kill_switch` to code.
When set to 1 (0 is default), the failsafe switch will instantly disarm
(__KillswitchEvent__) instead of executing the landings procedure.
Arming is NOT locked after
this, so the craft could be re-armed if needed.
This is intended for racing quads where damage and danger must be
minimized in case of a pilot error.
- Added `failsafe_throttle_low_delay`, adapted documentation.
Used to adjust the time throttle level must have been LOW
to _only disarm_ instead of _full failsafe procedure_
(__JustDisarmEvent__).
- Updated the failsafe documentation.
- Re-enable arming at end of failsafe procedure.
At the end of a handled failsafe event, that means: auto-landing,
__JustDisarmEvent__ or __KillswitchEvent__, the RX link is monitored for
valid data.
Monitoring is a part of the failsafe handling, which means the craft is
still in failsafe mode while this is done.
Arming is re-enabled (allowed) when there is a valid RX link for more
then XX seconds, where XX depends on the handled event like this:
1. XX = 30 seconds after auto landing.
2. XX = 3 seconds after __JustDisarmEvent__.
3. XX = 0 seconds after __KillswitchEvent__.
NOTE: When armed via an AUX switch, you will have to switch to the
disarmed position at the very end to be able to re-arm.
The failsafe mode will not end until you do.
- __KillswitchEvent__ has now priority over __JustDisarmEvent__
- Apply rxfail values instantly when failsafe switch is ON
- Added missing cases to display.c
Show M when failsafe is monitoring for RX recovery (AND disarming when
armed with a switch).
===
Reworked the code from counter-based to time-based.
- AUX failsafe switch now has identical behavior to RX loss.
- Added RX failure and RX recovery timing.
- __KillswitchEvent__ skips RX failure detection delay (direct disarm).
===
[UNIT TESTS]
Adapted failsafe related unittests from counter-based to time-based
- Added failsafeOnValidDataFailed() to some tests
- Removed duplicate test setup from rc_controls_unittest.cc
- Removed magic numbers from rx_ranges_unittest.cc and rx_rx_unittest.cc
- Reworked all test-cases for flight_failsafe_unittest.cc
priority via simpler static declaration - removes giant switch
statement. Use a new method when beeping out GPS status. Lower memory
usage. Smaller code size. Beeper priority now only handled in a single
place.
