Replies to This Discussion

DeveloperPermalink Reply by R_Lefebvre on May 30, 2012 at 11:20am

Exactly.  The idea of an overarching watchdog is really bad, as it can only serve to increase crashes.  If the APM hangs without a watchdog, the aircraft will crash.  If the APM hangs and it has a watchdog, it will crash anyway if it's a Copter, the AC code has absolutely no provision for air restart.  If it's an airplane and the watchdog forces a reboot, it may save the plane as airplanes can theoretically air re-start.  However, airplane guys can also switch over to manual mode, and fly manually while THEY trigger a controlled reboot, which IMO is safer than random, unsignalled, unknown, reboots caused by a watchdog.

So it really does not make anything safer.  All it does is create a whole bunch of things that could go wrong.  It can trigger reboots (crashes) when nothing is actually wrong.  And it can trigger failsafe actions on the ground, which can trigger unwanted engine-starts, etc.

If Jake wants "E-stop Safety", his only real option is to have something like a copilot, with a seperate Rx and Tx mounted on the aircraft.  The Tx is slaved to FETs which kill motor power.  If and only if the copilot decides to shut down the motors, will it happen.

• ▶ Reply

Permalink Reply by Richard on May 30, 2012 at 12:03pm

Actually, if the APM has hung the pilot cannot switch over to manual because by then the APM can't accept the "switch to pass-thru" command or do the actual pass-thru.

So on a fixed-wing aircraft, the watchdog might let a skilled pilot save the plane.
- If they're lucky and high enough up!

Even with that caveat, any triggering of the watchdog is very likely to cause a crash.

The reason it may be a good idea to enable it is to turn "power off into the sunset" into "probably crash, maybe manual rescue".

So I suppose the watchdog primarily applies to fixed-wing and surface craft which are stable enough to travel unaided, and even then it'd have to be very forgiving.

• ▶ Reply

Permalink Reply by Brad Smith on May 29, 2012 at 7:14pm

well mine in its present state if the throttle wire were to fall off i could switch to RTL or even better for a Quad FBWA which you can preset the min max throttle set the max low enough for it to slowly come down

• ▶ Reply

Permalink Reply by Brad Smith on May 29, 2012 at 7:29pm

That,s what where trying to figure out i think the throttle wire is probably the most dangerous for most vehicles and the mode would be next so maybe we need to have FBWC OR SAFTY MODE which on planes helis and quads could reduce throttle to an exceptable level and shut down once on the ground or for ground vehicles just shut it off. in mine if the rx were too fall out GF would bring it back and circle till the ESC cut out

• ▶ Reply

Permalink Reply by Eagle on May 29, 2012 at 8:33pm

There is already a failsafe function on ArduPlane at this time.

Of course you need to be able to programmed it on your receiver.

 

I use a Spektrum DX8 with AR8000 receiver.

Setup is easy in order to provide below 1000 ppm on throtle when receiver lost contact with Tx Radio and triggering Failsafe on APM.

 

I'm not sure I understood quite well the discussion about watchdogs...

I do not think that APM should re-invent the weel.  I did not follow all the post in details. And I'm aware that Spektrum gears are expensive.

 

Regarding getting the planes back...  before playig with the Geo Fence.

A newbie like me should work on basic fail safe and forget about Geo Fencing for a while.

 

Regarding safety... with the Lipo inside, like a member wrote.. I could be kms away from civilisations and could hit someone far far away because the airframe had enough juice to travel.

 

This is a video regarding the Circle problem.  I'm quite sure it is a Rudder not doing is job...  or maybe not....

And for safety sake, I did not wanted to wait for the 20 seconds RTL.   But I know RTL is working. It was configured and tested.

 

Here it is:

• ▶ Reply

Permalink Reply by Richard on May 30, 2012 at 11:05am

The watchdog is irrelevant and should never have been brought up.

I'm annoyed with myself for replying to Jake about watchdog, he clearly is either trolling or doesn't know what a watchdog is.

• ▶ Reply

Permalink Reply by Richard on May 30, 2012 at 11:32am

What I mean is that the Watchdog is not related to "RC Failsafe" and this thread has clearly confused the two.

Watchdog is to force "hung" firmware to crash-land the aircraft.

Many fixed-wing aircraft will fly quite happily simply by applying power, so a 'hung' firmware won't bring the aircraft down.

In the worst case, if the control surfaces are 'flat', it could vanish into the sunset and crash later when the batteries run out.

However, copters will flip and crash pretty soon after firmware hangs, because the necessary active stabilisation has ceased.

A Watchdog can shut down the motors (good), but once the aircraft is falling and no longer level it's basically impossible to "catch" it.

• ▶ Reply

DeveloperPermalink Reply by Andreas M. Antonopoulos on May 30, 2012 at 12:14pm

The problem with this thread, and the previous one is that there is no specific problem we are "fixing". There are a range of issues, all of which got lumped as "safety" issues, requiring a "failsafe". 

There's not even any consensus on what issue cause Zen's flyaway, or what can be done to avoid in future. 

If the point of this thread is to make this hobby "safe" for all, then it is pointless. If the point is to fix a specific problem, then we have to agree on what the problem is, test and validate that it exists and solve it. So far, I've seen discussion of 5-6 related but separate problems, which require different fixes. Anytime someone asks any question it goes ad-hominem, so I'm gonna stick to writing code. When this is all figured out, maybe we can "fix" it, but until we agree what "it" is... it can't be fixed. 

• ▶ Reply

DeveloperPermalink Reply by R_Lefebvre on May 30, 2012 at 7:48am

Last night I proved out the solution to the phsyical problem of the throttle wire losing contact.

I'm using an FrSky module in an older Futaba radio, and an FrSky DR8SP receiver feeding CPPM to the APM2.  This means there is only a single wire going to the APM, not 4+.  This means that if the single wire should lose contact, you lose *all* control.  So, single point of failure.  But then again, you only have to get 1 wire right.  If the loss of any single signal could cause a loss of control, this solution is 4 to 8 times less likely to cause a loss of control.

But the real test was what happens when that wire is lost?  So I unplugged it, and the radio channel display in MP shows that the throttle signal drops to 900, all others are centered, and so the APM enters failsafe which is RTL.  IMO, this is the safest option.

Now, I did discover that when reconnecting the Rx to the APM, it caused the APM to reboot.  I tracked this down to the apparent fact that there are some caps in the Rx which need to charge, and the inrush currently momentarily browns out the APM.  This would be a problem if you had a flaky connection that was coming on and off.  However, I solved this by simply plugging a 3300uF capacitor into the APM to help support the voltage level when the Rx is reattached.

So to summarize:

1. Cost is only ~$60?  This also gets you telemetry, which is awesome.  This allows you to see an impending radio link loss before it happens!  AND you get a fully programmable failsafe so that you can program in whatever failsafe you want to have if the Tx signal is lost.  Want to shut the motors down?  No problem.  Want to RTL?  No problem.  Want to Loiter/Circle?  No problem.

http://www.hobbyking.com/hobbyking/store/__14354__FrSky_DF_2_4Ghz_C...

2. The CPPM signalling is easier, cleaner, and 8 times less likely to cause a partial loss of control.

3. The FrSky system is extremely fault tolerant.  It has possibly the best RF noise rejection available, and the fastest reboot and re-link time you can buy.  True diversity from dual antennas.  And does not brown out until <2.8V

http://www.rcmodelreviews.com/frskyreview2.shtml

4. I think everybody should have a capacitor bank installed on the APM power rail as a safety precaution in any case.  These cost a few bucks at most, and can prevent a momentary power glitch from causing a reboot.

http://www.hobbyking.com/hobbyking/store/uh_viewItem.asp?idProduct=...

I use one of these on my big heli.  It helps if a servo has a problem, and can actually keep the APM alive for well over 2 seconds if power is lost.

http://www.hobbyking.com/hobbyking/store/uh_viewItem.asp?idProduct=...

IMO, "Failsafe" is not trying to make a system handle a fault in the least terrible way.  Failsafe is making a system that won't have a problem in the first place.  Reducing failure points is a huge part of that.  Choosing the right equipment is also very important.  And finally, flying in a safe location is the 3rd leg of the stool.

You are all now informed of the "best practices" for safety, and you have no excuse to try and blame 3DR or the APM Developers if you have a crash caused by using a crappy 9X radio system.

Again, IMO, all this talk of watchdog timers forcing reboots is potentially increasing the chance of crashes.  And again, people exist on the ground, not in the air, so not crashing into the ground should be mission #1.  Forcing a reboot GUARANTEES a crash of a Copter.  Causing unnecessary reboots will increase crashes, and increase risk.

• ▶ Reply

Permalink Reply by Jason Willis on May 30, 2012 at 8:34am

I'm very new to all of this so please excuse me if I ask dumb questions. I have a "crappy 9x" and after reading your post I'm curious if I install the FrySky module in the 9X can it be set to do the same thing or would I need to replace the radio?

• ▶ Reply

DeveloperPermalink Reply by R_Lefebvre on May 30, 2012 at 10:27am

If the FrSky unit can be put into the 9X (I'm not sure, but I think it can based on the comments) then you can definitely program it for the failsafe, as the programming is done between the transmitter module and the receiver.  With the standard FrSky firmware, you simply set your Tx to whatever control position you want for failsafe, then push the button on the Rx, and it remembers the settings.  If it ever loses radio link with the Tx, then it sends the preset signals.  I have tested this and it works.

Optionally, you can flash new official firmware to the Tx module, where, if you press the button on the Tx module, it sets the failsafe settings.  This is useful for some situations where you want to fly your aircraft and program in a functionality.  So, assuming no APM, if you have a stable aircraft, you could get your aircraft in a nice gentle, level circle, push the button, and remember those positions.  Then if you lose signal, there's a chance it will start circling without crashing.  Alternatively, you could program in a snap-roll with min-throttle.  This will be the lowest-energy possibility for a controlled crash landing of your airplane.  Obviously this would only be done if it's determined that you'd rather be able to pick up the pieces, rather than have a fly-away.  The airfame would be toast, but you'd get your engine and electronics back.

• ▶ Reply

Permalink Reply by Andreas on May 30, 2012 at 10:32am

This is what I ordered and put in my Turnigy 9X. Works great.

http://www.hobbyking.com/hobbyking/store/uh_viewItem.asp?idProduct=...

Adding the FrSky module is only a matter of plugging it in. Preserving the 9x module is another story as the antenna cable can't be unplugged.

I essentially did the same procedure as posted in the link below. The only tricky part was to reconnect the miniature coax antenna cable of the 9x module. Have not done any range tests, but so far it looks like it survived the operation.

http://azureengineering.blogspot.com/2011/02/turnigy-9x-transmitter...

• ▶ Reply

• ‹ Previous
• 1
• …
• 4
• 5
• 6
• 7
• 8
• …
• 13
• Next ›
• Page