Failsafe Override
We (not sure about Wade but I certainly am) getting down to the real circuit design level, and once again safety considerations are essential. Looking back at the question posted in the previous entry: What do we do if the RX unit looses signal from the pilot’s manual transmitter - and how do we do this?
So far this seems to be the best solution:
- When the plane takes off a 'home' GPS coordinate is programmed into memory.
- If the autopilot looses the signal from the ground it will fly the plane back to this home location
- On approach of the home location the autopilot will cut power to the engine to reduce airspeed
- An ultra bright red distress LED mounted on the fuselage will flash
- The air-to-ground communications link will send a mayday message.
Hopefully this will allow enough time for the pilot to regain control.
Failing this, the plane could be directed in a tight circuit of the home location, un-powered - as to slowly reduce altitude.
How do we do this then?
Well connecting the RX Mux select line is connected to an input interrupt pin on the microcontroller. If an interrupt hasn't been generated in a set amount of time (eg. missed 3 or 5 cycles in a row) the auto recovery routine is initiated. If this is merely a software fault, the ground pilot will still be able to control the plane by simply turning of autopilot in hardware through the multiplexing circuitry.
One other thing I have thought of - we need an ARM button. This means that if the microcontroller is started up before the TX, it will not attempt to initialise emergency recovery routines.