Failsafes

Rover supports three failsafe mechanisms as described below.

Radio Failsafe (aka Throttle Failsafe)


This failsafe is triggered if the connection between the user’s transmitter and the receiver on the vehicle is lost for at least FS_TIMEOUT seconds.

  • the loss of transmitter/receiver connection is detected by:
    • no signals being sent from the receiver to the autopilot board OR
    • the throttle channel (normally input channel 3) value falling below the FS_THR_VALUE parameter value
  • set FS_THR_ENABLE to “1” to enable this failsafe
  • if FS_ACTION is “1”, the vehicle will RTL to home; if “2”, the vehicle will Hold; if “3” or “4”, the vehicle will attempt to use SmartRTL and, if that mode cannot be engaged, will RTL or Hold respectively
  • once the transmitter/receiver connection is restored, the user may use the transmitter’s mode switch to re-take control of the vehicle in Manual (or any other mode)

Battery Failsafe

The battery failsafe is triggered if a battery monitor has been enabled and the battery voltage and/or the estimated remaining power has crossed a configurable threshold for at least 10 seconds.

  • set BATT_LOW_VOLT to the minimum voltage (e.g. 10.5V)
  • optionally set BATT_LOW_MAH to the minimum battery capacity (e.g. 300mAh)
  • BATT_FS_LOW_ACT configures the failsafe action to take: “0” takes no action, “1” changes to RTL, “2” changes to Hold, “3” or “4” attempts SmartRTL and, if that mode cannot be engaged, falls back to RTL or Hold respectively, and “5” disarms the vehicle
  • BATT_LOW_TIMER sets how many seconds the low voltage or low capacity must persist before the failsafe action is executed (default is 10 seconds)

A two-stage failsafe is possible by setting BATT_CRT_VOLT, BATT_CRT_MAH and BATT_FS_CRT_ACT. The second-stage failsafe action will be taken once the battery falls below these limits for BATT_LOW_TIMER seconds.

GCS Failsafe (aka Telemetry Failsafe)

This failsafe is triggered if the vehicle stops receiving heartbeat messages from the ground station for at least FS_TIMEOUT seconds.

  • set FS_GCS_ENABLE to “1” to enable this failsafe
  • if FS_ACTION is “1”, the vehicle will RTL to home, if “2” the vehicle will Hold
  • use the transmitter’s mode switch to re-take control of the vehicle in Manual (or any other mode)

Crash Check

If enabled by setting the FS_CRASH_CHECK parameter to “1” (for Hold) or “2” (for Hold and Disarm) this failsafe will switch the vehicle to Hold and then (optionally) disarm the vehicle if all the following are true for at least 2 seconds:

  • the vehicle is in Auto, Guided, RTL or SmartRTL mode
  • velocity falls below 0.08m/s (i.e. 8cm/s)
  • the vehicle is turning at less than 4.5 deg/s
  • demanded throttle to the motors (from the pilot or autopilot) is at least 5%
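
As an added example (not part of the ArduPilot documentation or code base), the script below audits a saved parameter dump against the failsafe settings described on this page and returns the parameters that leave a failsafe without effect. The dump format, the sample values, and the treatment of absent or zero values as unset are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample dump. Assumed format: "NAME,VALUE" or "NAME VALUE" per line, "#" comments.
SAMPLE = """\
FS_THR_ENABLE,1
FS_ACTION,0          # not one of the documented actions
FS_GCS_ENABLE,0
BATT_LOW_VOLT,10.5
BATT_FS_LOW_ACT,0
BATT_CRT_VOLT,10.8
BATT_FS_CRT_ACT,5
FS_CRASH_CHECK,2
"""

def parse_params(text):
    """Return {NAME: float} from a parameter dump, skipping malformed lines."""
    params = {}
    for raw in text.splitlines():
        fields = re.split(r"[,\s]+", raw.split("#", 1)[0].strip())
        try:
            name, value = fields
            params[name.upper()] = float(value)
        except ValueError:
            continue  # blank line, wrong field count, or non-numeric value
    return params

def audit_failsafes(params):
    """Return the parameter names whose values leave a failsafe without effect."""
    p = defaultdict(float, params)  # assumption: absent from the dump means 0
    bad = [k for k in ("FS_THR_ENABLE", "FS_GCS_ENABLE") if p[k] != 1]
    if p["FS_ACTION"] not in (1, 2, 3, 4):
        bad.append("FS_ACTION")  # radio/GCS trigger has no documented action
    # Assumptions: a threshold of 0 is unset, and BATT_FS_CRT_ACT uses the
    # same action values as BATT_FS_LOW_ACT ("0" takes no action).
    for stage in ("LOW", "CRT"):
        armed = p[f"BATT_{stage}_VOLT"] > 0 or p[f"BATT_{stage}_MAH"] > 0
        if armed and p[f"BATT_FS_{stage}_ACT"] == 0:
            bad.append(f"BATT_FS_{stage}_ACT")
    if p["BATT_LOW_VOLT"] <= 0 and p["BATT_LOW_MAH"] <= 0:
        bad.append("BATT_LOW_VOLT")  # no first-stage threshold at all
    # Assumption: the second stage should trigger at a lower voltage than the first.
    if 0 < p["BATT_LOW_VOLT"] <= p["BATT_CRT_VOLT"]:
        bad.append("BATT_CRT_VOLT")
    if p["FS_CRASH_CHECK"] not in (1, 2):
        bad.append("FS_CRASH_CHECK")  # crash check disabled
    return bad

if __name__ == "__main__":
    print(audit_failsafes(parse_params(SAMPLE)))
```

An empty result means every failsafe on this page is enabled with an action assigned; it does not validate that the thresholds suit a particular battery or vehicle.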