2011-12-21 08:25:51 -04:00
|
|
|
// -*- tab-width: 4; Mode: C++; c-basic-offset: 4; indent-tabs-mode: nil -*-
|
|
|
|
|
/*
|
2012-08-16 21:50:15 -03:00
|
|
|
* failsafe support
|
|
|
|
|
* Andrew Tridgell, December 2011
|
2011-12-21 08:25:51 -04:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
2012-08-16 21:50:15 -03:00
|
|
|
* our failsafe strategy is to detect main loop lockup and switch to
|
|
|
|
|
* passing inputs straight from the RC inputs to RC outputs.
|
2011-12-21 08:25:51 -04:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
2012-08-16 21:50:15 -03:00
|
|
|
* this failsafe_check function is called from the core timer interrupt
|
|
|
|
|
* at 1kHz.
|
2011-12-21 08:25:51 -04:00
|
|
|
*/
|
|
|
|
|
void failsafe_check(uint32_t tnow)
|
|
|
|
|
{
|
|
|
|
|
static uint16_t last_mainLoop_count;
|
|
|
|
|
static uint32_t last_timestamp;
|
|
|
|
|
static bool in_failsafe;
|
|
|
|
|
|
|
|
|
|
if (mainLoop_count != last_mainLoop_count) {
|
|
|
|
|
// the main loop is running, all is OK
|
|
|
|
|
last_mainLoop_count = mainLoop_count;
|
|
|
|
|
last_timestamp = tnow;
|
|
|
|
|
in_failsafe = false;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (tnow - last_timestamp > 200000) {
|
|
|
|
|
// we have gone at least 0.2 seconds since the main loop
|
2012-08-16 21:50:15 -03:00
|
|
|
// ran. That means we're in trouble, or perhaps are in
|
2011-12-21 08:25:51 -04:00
|
|
|
// an initialisation routine or log erase. Start passing RC
|
|
|
|
|
// inputs through to outputs
|
|
|
|
|
in_failsafe = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (in_failsafe && tnow - last_timestamp > 20000) {
|
2012-08-16 21:50:15 -03:00
|
|
|
// pass RC inputs to outputs every 20ms
|
2011-12-21 08:25:51 -04:00
|
|
|
last_timestamp = tnow;
|
2011-12-21 19:55:43 -04:00
|
|
|
APM_RC.clearOverride();
|
2011-12-21 08:25:51 -04:00
|
|
|
for (uint8_t ch=0; ch<8; ch++) {
|
|
|
|
|
APM_RC.OutputCh(ch, APM_RC.InputCh(ch));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
