I had a brief failsafe the other day while in FPV and managed to survive it.
I'm flying Pixhawk on a DiscoveryPro with the APM power module, and EzUHF-JR module on a Taranis. After looking at my logs, it certainly appears that I had a classic Throttle FS (set to AlwaysLand). I toggled my FM to recover, but in looking at the logs, I saw something I've not yet seen (but I'm new to APM):
Flying in Stabilize, at about 800 feet away at 60 feet ASL, I got this sequence:
Err: FAILSAFE_BATT-1
Err: FAILSAFE_RADIO_1
Err: FAILSAFE_RADIO_0
I do not have Battery failsafe enabled, and both my main battery and Vcc were stable during the event (it does not appear to be a brownout). I'm not sure why I got a BATT FS, or why there are RADIO_1 AND RADIO_0 messages (or how they are different). I would have expected to have, maybe, one of the RADIO_X messages first if this were a throttle FS.
Can somebody crack open my log and help me understand exactly what happened, and why the sequence listed above occured?
I am doing some further tests of why I might have had a radio failsafe, but am trying to better understand what the Pixhawk's version of the story is.
Thanks!
Brit Davis
You need to be a member of diydrones to add comments!
Replies
A few points on this matter. I can't open the log file at the moment, so this is general, not specific to your event.
You should never fly without the throttle failsafe enabled (aka radio failsafe). Leaving it disabled means if your transmitter dies, receiver dies, or you fly out range, your bird will just fly off into la-la-land, causing damage and possibly injury. I suggest setting it for Enabled Always RTL. I would never set it for Land since you would have no control over who or what it is landing on. You can also set it for Enabled Continue in Auto which will ignore the loss of radio while on an auto mission. That way your auto mission can fly beyond control range. It also gives you a nice "Oh crap" feature... just turn off the transmitter and it will come home.
You should never fly without a battery failsafe set for something intelligent based on the type of flying you do. You need to set it so that you have enough battery left to make it home. Leaving it disabled means your bird will simply drop out of the sky crashing into whatever and whoever happens to be under it when the battery dies. Keeping tabs on a timer should keep you in one piece, but who has never burned their dinner in the oven?
Here is what I did: I know with my 4S 5000mah battery, it will die and fall out of the sky at 14 minutes. I sacrificed a banged up battery to test this. That is 360mah per minute average power consumption. The 3DR power module only accurately measures current in a narrow window. My balance charger confirms that I actually used 5000mah. But Arducopter only saw 4000mah used. So I set the battery capacity to 4000 instead of 5000. Now a reading of zero percent is really zero percent. The measured 4000mah in 14 minutes is 300mah per minutes measured on the APM, so that is the figure I'll use to calculate the failsafe figures.
So, my timer beeps at 4 minutes left and I come home on my own. If for some reason I don't notice or the timer is reset by accident, the failsafes provide protection. And they do so with enough battery capacity remaining to actually make it home!
I totally agree that there can be circumstances where you wouldn't want it to RTL on its own, such as being under a canopy, indoors, etc. In such circumstances, I disable it.
However as to the rest, I definitely disagree. Basically what you've said is "I am too smart to need failsafes". Like I said, let he who has never messed up cooking dinner be the first. Perfectly airworthy aircraft can have a mechanical failure. Perfectly airworthy aircraft can have a tx/rx failure. Perfectly airworthy aircraft can have a battery kick the bucket in flight. You are extremely arrogant to think otherwise, that just because you're so smart, nothing bad will happen unless you want it to.
If RTL isn't practical, there is always the land option instead. At least it will come back to earth slowly. And if Land isn't practical, fine, turn them off completely. But turn them off because they're impractical for the circumstances at hand. Not because you think you and your aircraft are infallible.
I believe it was the part where you proclaimed the only way your aircraft could possibly crash is if you personally make an error which you don't do anymore. All I did was point out that is simply untrue. I said nothing about your abilities
Touche. Technology to prevent a crash is only as good as the technology itself. I'm not entirely sure what caused that issue, however I did find that my GPS is toast. It was drifting wildly up to 20ft.
Exactly. I trust myself more than the current state of autopilots available at this level, so I use them sparingly and only when I command it.
What happened to you has happend to me and it scared the crap out of me so bad that it was a moment like, "never again...I cannot allow this flying blender to suddenly have the authority to choose to pilot itself without me commanding it to pilot itself (enable RTL manually), and without the ability to switch it back out of RTL."
If I fly out of control range, I would not be able to switch back to stab, so my preference, based on experiences like what happened to you, is to not ever allow my multi to continue w/o a control link. It should be game over, instantly. For me, that's the only way I can make sure my quad does not get out of my control. No tx = no flying. And this therefore means no flying over people or property, because that can happen at any instant. This is the price I pay for my version of safety.
About battery failsafe, because I have my FS set to cut throttle, I can't afford a random voltage drop or unexpected FC event (like having FS disabled but it engaged anyway) to trigger FS. That was the point of my OP. It fell, and then it reconnected, and I survived it, luckily. If I were flying indoors, or in places with bad GPS coverage, who knows where it would decide to go. And in this case, you might say, "well, disable failsafe in that case" -- but that is what I had done, and it still happened. I can't let that happen, which is why it freaked me out so much and why I was looking for a solution to it. Like a gun with a faulty safety. Scary as crap.
What I meant is that I don't want a co-pilot to suddenly be in charge w/o me asking it to do so.
And here is why I disagree: On the 16th, you posted an issue where
"While in Alt Hold at about 5 feet, the battery failsafe kicked in. But instead doing what RTL should do, it again went to the left. No altitude change, just left roll as if going somewhere else. This time I caught it, switched to stab, and recovered it."
You are a good pilot to be able to recover, but an inexperienced pilot might not have known how to control it or to recover, and that left roll could have taken it to a bad place. This is precisely why I don't have auto RTL. If that happened to you beyond LOS, and you were relying on it to come back because of a failure, it would have flown, under power, anywhere it wanted to go. Your preference, not mine.
Why are you attempting to educate me? Lay off. I have no problem with your setup, but I do have a problem with your heavy-handedness and condescending tone. I am an experienced pilot, please treat me with respect as I respect your position but prefer my setup otherwise.
I have had many many crashes, due to mechanical, radio, battery, and pilot failures. Hundreds. And I pay for them when this happens. I am not too smart to avoid this, I just prefer to take my licks when it happens and figure out how to make it not happen again. I used to order props by the dozen, flew several packs a day, and crashed a lot. I now order props very rarely, and don't crash much anymore. I have built, rebuilt, and rebuilt again countless times, I am not infallible, I just disagree with your direct suggestion to me about how I fly. You don't know me. If you did, we'd probably be having a beer and talking multis and having a good time.
For the record: I fly multis w/o GPS, and with those, the only failsafe is either descend slowly (read: drift out of control) or stop flying. The last thing I want is my multi to continue under power to potentially a place with kids, dogs, people whatever. So I have not RTL or Land or anytihng. That is what I am used to, and what I am comfortable with.
I never usually step in,BUT, you were the one trying to educate him as well as being condescending. Pedals is actually correct here.Mechanical failures,electronic failures,and flight controller errors happen ALL the time. Throt,Batt,Failsafes are essential in the safe flying of these,and were designed for all of our safety. Your comment-- you ONLY use RTL if you comand it_____ Why would you command it? Just because you want for whatever reasson? But Pedals uses it for failsafe reasons because--HE DOESNT PAY ATTENTION? OR HES NOT THE PILOT IN COMMAND? You think because some of us use Missions, we are not paying attention. Let me get this right--Real pilot using loran-autopilot, are not paying attention---NASA SHUTTLE, they dont have a steering wheel in the craft or on the ground, HMMM, let me see, The SHUTTLE or AIRCRAFT Pilots dont pay attention,or their crafts are not air worthy, OR have backups that dont just drop them in a field. If we have the ability to get back safely because of RTL, Thats because our units are not airworthy? OR were not paying attention? YOU my friend,were the one trying to make him look substandard, BUT, Pedals,you should not have even responded to him. His comment took care of what people thought of the comment to begin with. Then saying he was educating you and being heavy handed, and condescending. BOY, sure looked like it was the other way around. NO, I do not know him! NO, i never come in and comment anywhere, EVER. If you lose signal and your craft continues with its mission,you can still set a failsafe to throttle off if you lose gps. Or when useing goggles or screen,if gps is lost,you can switch to stabilize and fly back manually, if you have that option, depending on what went wrong. And YES, something can even go wrong with either of your setups. Bottom line, just sounded like you got offended just because someone offered some advice. You really came back and tried to bite his head off for no reason. I would have been offended with your comment as well. I dont know,maybe ive been doing this to long-35yrs plus--
Thanks, Pedals, but I respectfully disagree. I have been flying multis a long time and am very used to not having a safety net. My throttle failsafe is to cut throttle. It will never drift away, it will drop and that is the penalty I pay for my aircraft not being airworthy, or me "forgetting" to pay attention. It will not fall onto whoever because I don't fly over people or property. I am thus forced to pay attention to my gauges instead of allowing myself to "forget". I don't care for totally automated "oh crap" stuff. I am the pilot in command and don't want my quad to do anything w/o me instructing it to. There are terrain issues that RTL or land would cause my copter to crash. Like taking off under a tree canopy for proximity flying. I use RTL but only if I command it. Just a different approach. And I don't fly out of control range; I got tired of this happening so I fly UHF so that this never happens anymore.
Your setup might be perfect for you, but realize that that setup can get people into serious trouble, too, especially inexperienced pilots.
this is warning on 3.2 beta
Warning #2: There is a throttle/radio failsafe bug (on this line) affecting PX4/Pixhawk users which can cause a throttle failsafe to be triggered if signals from the receiver stop (i.e. TX turned off or receiver is disconnected) even though the throttle failsafe has been disabled through the mission planner. This is generally not dangerous because it's nearly always a good idea to have this failsafe enabled. This will be fixed in -rc4.
http://diydrones.com/forum/topics/arducopter-3-2-beta-testing?comme...