Browse Source
we now pass all channels through at 50Hz if the main loop stops running, regardless of why. This gives us a reasonable failsafe, as long as the low level RC library is still working, and interrupts don't get completely disabled.mission-4.1.18
Andrew Tridgell
13 years ago
2 changed files with 49 additions and 2 deletions
@ -0,0 +1,45 @@
@@ -0,0 +1,45 @@
|
||||
// -*- tab-width: 4; Mode: C++; c-basic-offset: 4; indent-tabs-mode: nil -*- |
||||
/* |
||||
failsafe support |
||||
Andrew Tridgell, December 2011 |
||||
*/ |
||||
|
||||
/* |
||||
our failsafe strategy is to detect main loop lockup and switch to |
||||
passing inputs straight from the RC inputs to RC outputs. |
||||
*/ |
||||
|
||||
/* |
||||
this failsafe_check function is called from the core timer interrupt |
||||
at 1kHz. |
||||
*/ |
||||
void failsafe_check(uint32_t tnow) |
||||
{ |
||||
static uint16_t last_mainLoop_count; |
||||
static uint32_t last_timestamp; |
||||
static bool in_failsafe; |
||||
|
||||
if (mainLoop_count != last_mainLoop_count) { |
||||
// the main loop is running, all is OK |
||||
last_mainLoop_count = mainLoop_count; |
||||
last_timestamp = tnow; |
||||
in_failsafe = false; |
||||
return; |
||||
} |
||||
|
||||
if (tnow - last_timestamp > 200000) { |
||||
// we have gone at least 0.2 seconds since the main loop |
||||
// ran. That means we're in trouble, or perhaps are in |
||||
// an initialisation routine or log erase. Start passing RC |
||||
// inputs through to outputs |
||||
in_failsafe = true; |
||||
} |
||||
|
||||
if (in_failsafe && tnow - last_timestamp > 20000) { |
||||
// pass RC inputs to outputs every 20ms |
||||
last_timestamp = tnow; |
||||
for (uint8_t ch=0; ch<8; ch++) { |
||||
APM_RC.OutputCh(ch, APM_RC.InputCh(ch)); |
||||
} |
||||
} |
||||
} |
||||
Loading…
Reference in new issue